Applied ‘Mobile Chaos Theory’
…and NCA’s 12-step plan to end the madness

Presented by Brad Bemis



       © 2011 Network Computing Architects, all rights reserved
Our Modern Mobile Workforce
The term ‘mobile’ has changed.
It’s not just about phone calls
and web surfing though…
•   ‘Always on’ availability
•   Location-based services
•   Credit card transactions
•   Patient medical records
•   Supply chain management
•   Customer and partner collaboration
•   Social media and social marketing
•   Predictive analysis and unique targeting

The technology is getting smaller, faster, and smarter…
The Mobile Challenges We Face
While keeping up with the rapid pace
of innovation is our biggest challenge,
it’s only one of many…
•   Our data is on the move
•   The network perimeter is gone
•   The edge is now driving the core
•   IT services are now a commodity
•   Cloud and social challenge tie-ins
•   Blurring of personal and business
•   Balancing emerging risks vs. benefits

We must find ways to incorporate security controls
that address the four dimensions of mobility above…
Applied Mobile Chaos Theory
Chaos theory is more complicated
than what’s presented here, but:
•   Chaos underlies complex systems
•   Patterns can emerge from chaos
•   Initial conditions play a big part
•   Indicators of possible outcomes
•   Equilibrium based on attractors

Mobile chaos theory is based on the idea that:
• Mobility is a complex system challenge
• Success is determined by initial conditions
• To achieve equilibrium takes real effort

Ending the Madness
We can’t just solve part of the problem. In order to fully
enable a modern mobile workforce, we should be looking
at things from a more holistic perspective:

  • Needs
  • Risks
  • Policy
  • Ecosystem
  • Virtualization
  • Device Management
  • Identity Management
  • End-Point Protection
  • Remote Access
  • Data Protection
  • Training and Awareness
  • Loss and Incident Handling

This approach is consistent with our long-standing
principles of ‘defense-in-depth’.

Needs
What are your business needs? (the needs of the many)
What needs do various groups have? (the needs of the few)
What needs do specific individuals have? (the needs of the one)

• Identify the key stakeholders
• Gather formal requirements
• Define group/user profiles

Don’t forget about your compliance needs!
• Legal, regulatory, contractual…




Risks
What is your current risk posture?
What are your risk tolerance thresholds?
What are you doing to measure/manage risk?
• Understand the threat landscape
• Establish well-defined decision-making criteria
• Build an overall mobile strategy covering all bases

Include a risk assessment/analysis to help with planning!
• Use FAIR (Factor Analysis of Information Risk) in a contextual manner…
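The FAIR approach the slide refers to can be worked through numerically. The following is an added example written for this page, not NCA's material or tooling: it decomposes risk the way FAIR does (Loss Event Frequency = Threat Event Frequency × Vulnerability; annual loss = Loss Event Frequency × Loss Magnitude), samples each factor from a calibrated minimum / most-likely / maximum estimate, and reports the simulated annual loss against a tolerance threshold, which is the "risk tolerance thresholds" question asked above. The scenario name, the estimate values and the tolerance figure are constructed for illustration, not measurements.

```python
"""FAIR-style Monte Carlo risk estimate for one mobile loss scenario.

Added illustration (not NCA's method or tooling). FAIR decomposes risk as
Loss Event Frequency (LEF) x Loss Magnitude (LM), where LEF is
Threat Event Frequency (TEF) x Vulnerability (the probability that a threat
event becomes a loss event). Each factor is given as a calibrated
minimum / most-likely / maximum estimate and sampled from a triangular
distribution; the values below are constructed, not measured.
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Estimate:
    """A calibrated range: minimum, most likely, maximum."""
    low: float
    mode: float
    high: float

    def sample(self, rng):
        # random.triangular takes (low, high, mode)
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class Scenario:
    name: str
    tef: Estimate             # threat events per year
    vulnerability: Estimate   # 0..1, share of threat events that cause loss
    loss_magnitude: Estimate  # loss per loss event, in currency units


def simulate(scenario, trials=20_000, seed=1):
    """Return one simulated annual loss per trial (simplified: LEF x LM)."""
    rng = random.Random(seed)  # fixed seed keeps the run reproducible
    losses = []
    for _ in range(trials):
        lef = scenario.tef.sample(rng) * scenario.vulnerability.sample(rng)
        losses.append(lef * scenario.loss_magnitude.sample(rng))
    return losses


def percentile(sorted_values, p):
    """Nearest-rank percentile of an already sorted list, p in [0, 1]."""
    index = int(round(p * (len(sorted_values) - 1)))
    return sorted_values[index]


def summarize(scenario, tolerance, trials=20_000, seed=1):
    """Annualised loss statistics plus a check against the tolerance threshold."""
    losses = sorted(simulate(scenario, trials, seed))
    p90 = percentile(losses, 0.90)
    return {
        "scenario": scenario.name,
        "mean": sum(losses) / len(losses),
        "p50": percentile(losses, 0.50),
        "p90": p90,
        "max": losses[-1],
        "tolerance": tolerance,
        # decision criterion: the 90th percentile must stay inside tolerance
        "within_tolerance": p90 <= tolerance,
    }


# Constructed scenario: a lost or stolen phone holding unencrypted local data.
LOST_UNENCRYPTED_PHONE = Scenario(
    name="lost or stolen phone with unencrypted local data",
    tef=Estimate(low=2, mode=6, high=12),
    vulnerability=Estimate(low=0.1, mode=0.3, high=0.5),
    loss_magnitude=Estimate(low=5_000, mode=15_000, high=50_000),
)

if __name__ == "__main__":
    for key, value in summarize(LOST_UNENCRYPTED_PHONE, tolerance=60_000).items():
        print(f"{key}: {value}")
```

The single-number "expected loss" (the mean) hides the tail; comparing the 90th percentile against the tolerance is what turns the estimate into a decision criterion, and re-running the same scenario with a higher vulnerability estimate (for example, no disk encryption) shows how much of the tail a given control removes.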




Policy
What does your policy framework cover?
What other security policies might apply?
What are your data classification policies?
• Define acceptable use
• Clarify and explain all expectations
• Get formal sign-off and acceptance

Mobile devices are just another end-point!
• Leverage what you already have…




Ecosystem
What platforms and models?
What carrier service provider(s)?
What kind of back-end infrastructure?
• Decide on purchased, BYOD, or mixed
• Research what carriers can offer you
• Consider virtualizing the back-end

These are some of the most critical decision points!
• Be sure to plan for the future (3 to 5 years)…




Virtualization
What are you doing about data mixing?
What are you doing to fully enable people?
What are you doing to keep the security balance?
• Consider mobile virtual machines
• Keep the current limitations in mind
• Understand how it’s different from sandboxing

Virtualization really is the answer to many challenges!
• Watch this technology closely as it evolves…




Device Management
What are you doing to lock devices down?
What are you doing to manage all of them?
What are you doing to keep track of everything?
• Review scope, capabilities, and limitations
• Build out written configuration standards
• Simplify provisioning and de-provisioning

Probably the single most important investment made!
• Make your decision based on clear requirements…




Identity Management
How are you authenticating to the device?
How are you authenticating to remote assets?
How are you authenticating with third parties?
• Enforce PINs and passphrases
• Look at multi-factor authentication
• Tie in to federated identity management

Identity is everything in a mobile, social, cloud-based world!
• Applies to people and assets…




End-Point Protection
What are you doing about mobile malware?
What are you doing to limit network dangers?
What are you doing to gain visibility into things?
• Use anti-virus (AV) on the platforms it’s available for
• Consider available mobile firewall (FW) options
• Look into mobile end-point reporting

There are a lot of platform dependency issues here!
• Stay up to date on how the industry responds…




Remote Access
How are you providing access to resources?
How are you resolving file management issues?
How are you keeping data out of the public cloud?
• Use a reliable SSL client for remote access
• Consider a VDI-based model for mobility
• Build your own file management solution

File management is one of the biggest issues right now!
• Keep your data out of the public cloud…




Data Protection
How are you protecting the local data store?
How are you protecting data on removable cards?
How are you protecting data leaving the device?
• Disk encryption is still a key requirement
• Look into data loss prevention options
• Don’t forget about data classification

Routing data back to the corporate network may be possible!
• Keep an eye on this to use your existing tools…
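The Device Management slide asks for written configuration standards, the Identity Management slide for enforced PINs and passphrases, and this Data Protection slide for disk encryption on the local store and removable cards. The following is an added example, not NCA's material and not any MDM product's export format, of what turning those three slides into a single written standard and checking an inventory against it looks like. The field names, the minimum OS versions and the three device records are constructed for illustration.

```python
"""Audit a mobile device inventory against a written configuration standard.

Added illustration: the standard's fields, the device record layout and the
inventory below are constructed for this example; they are not NCA's
material and do not follow any particular MDM product's export format.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Standard:
    """The written configuration standard the devices are held to."""
    min_passcode_length: int = 6
    require_storage_encryption: bool = True
    require_removable_encryption: bool = True
    allow_jailbroken: bool = False
    minimum_os: dict = field(default_factory=dict)  # platform -> version tuple


def parse_version(text):
    """'5.1.1' -> (5, 1, 1); non-numeric parts are ignored."""
    return tuple(int(part) for part in text.split(".") if part.isdigit())


def check_device(device, standard):
    """Return the list of violations for one device record (empty = compliant)."""
    findings = []
    if device.get("jailbroken", False) and not standard.allow_jailbroken:
        findings.append("jailbroken/rooted")
    if device.get("passcode_length", 0) < standard.min_passcode_length:
        findings.append(f"passcode shorter than {standard.min_passcode_length}")
    if standard.require_storage_encryption and not device.get("storage_encrypted", False):
        findings.append("local storage not encrypted")
    if (standard.require_removable_encryption and device.get("sd_card_present", False)
            and not device.get("sd_card_encrypted", False)):
        findings.append("removable card not encrypted")
    floor = standard.minimum_os.get(device["platform"])
    # tuple comparison: (2, 3, 4) < (4, 0) is True, (5, 0, 1) < (5, 0) is False
    if floor is not None and parse_version(device["os_version"]) < floor:
        findings.append("OS below minimum " + ".".join(str(n) for n in floor))
    return findings


def audit(inventory, standard):
    """Map device id -> findings for every non-compliant device."""
    report = {}
    for device in inventory:
        findings = check_device(device, standard)
        if findings:
            report[device["id"]] = findings
    return report


# Constructed standard; the OS floors are illustrative values, not a recommendation.
STANDARD = Standard(minimum_os={"ios": (5, 0), "android": (4, 0)})

# Constructed inventory, in the shape a console export might be normalised to.
SAMPLE_INVENTORY = [
    {"id": "dev-001", "platform": "ios", "os_version": "5.0.1",
     "passcode_length": 4, "storage_encrypted": True, "jailbroken": False},
    {"id": "dev-002", "platform": "android", "os_version": "2.3.4",
     "passcode_length": 8, "storage_encrypted": False, "jailbroken": True,
     "sd_card_present": True, "sd_card_encrypted": False},
    {"id": "dev-003", "platform": "ios", "os_version": "5.1",
     "passcode_length": 6, "storage_encrypted": True, "jailbroken": False},
]

if __name__ == "__main__":
    for device_id, findings in audit(SAMPLE_INVENTORY, STANDARD).items():
        print(device_id, "->", "; ".join(findings))
```

Keeping the standard as data rather than as prose in a policy document is what makes "review scope, capabilities, and limitations" repeatable: the same check runs against every export, and a device that fails it is a candidate for the de-provisioning path rather than a judgement call.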




Training and Awareness
How do people know what the policies say?
How do people know what is/isn’t acceptable?
How do people know where to go with issues?
• Have a formal awareness and training program
• Fold mobility into this larger program
• Keep folks up to date on changes

Security training/awareness is still the absolute best tool!
• Unfortunately it’s still the least used…




Loss and Incident Handling
What happens if a device is lost or stolen?
What happens if something suspicious occurs?
What happens if you experience an actual incident?
• Have a formal incident response plan
• Fold mobility into your existing plan
• Make sure folks know what to do

Everything we do is to avoid incidents – be prepared though!
• It only takes one for everything to change…




Closing the Loop
Everything is happening at such an incredibly fast pace –
it’s hard to keep up. In the future we may see more and
more integration between security options, but as it stands
today a holistic approach is needed, one that includes:

 • Needs
 • Risks
 • Policy
 • Ecosystem
 • Virtualization
 • Device Management
 • Identity Management
 • End-Point Protection
 • Remote Access
 • Data Protection
 • Training and Awareness
 • Loss and Incident Handling

        …and, of course, NCA is happy to help!

Questions?




About the Author:
Brad Bemis is the CISO, Security Practice Manager, and Principal Security Consultant for Network
Computing Architects (NCA) in Bellevue WA, and has over 20 years of practical experience in IT and
information security. He is also a Certified Information Systems Security Professional (CISSP),
Certified Information Systems Auditor (CISA), Associate Business Continuity Planner (ABCP), and
Lean Six Sigma Green Belt, with several additional technology-centric certifications from Cisco,
Microsoft, and CompTIA.

Brad holds associate degrees in both Personnel Management and Information Systems Technology and a Bachelor of
Science in Information Technology, and is currently pursuing a Master of Science in Education. He has also engaged in
graduate-level coursework towards a Master of Business Administration and a Master of Science in Clinical Psychology.

Brad has worked with multiple Fortune 500 companies, military organizations, and government agencies around the world, in
roles ranging from Systems Security Administrator to Chief Information Security Officer (and everything in between).
Although highly skilled across multiple security disciplines, his main passion is information security awareness and training –
evangelizing the message and engaging others. He is also very active in the security community, including contributions to
the Cloud Security Alliance (CSA), board positions with the Greater Seattle Area Chapter of the Cloud Security Alliance and
the Pacific Northwest Chapter of the Information Systems Security Association (ISSA), participation in several other
professional associations, sharing insights and experience across a number of online security forums, and much, much more.

Additional information can be found on Brad's professional blog at www.secureitexpert.com.




About NCA’s Information Security Practice:
NCA’s Information Security Practice is an ISO 27001 Certified Professional Security Services Consultancy with offices in
Bellevue WA, Portland OR, and Los Gatos CA. We offer a wide range of professional security services that can be scaled
and customized to meet the business needs of any organization. Our major core competencies include:

       • Program Management: Building and managing a holistic information security program.
       • Governance: Incorporating security into enterprise or IT governance frameworks.
       • Risk Management: Measuring and managing information security and other related risks.
       • Compliance: Ensuring that all internal and external requirements are being met.
       • Identity & Access Management: Managing identities and permissions for systems and users.
       • Perimeter Defense & Firewall Management: Defending the borders between networks.
       • Traditional & Mobile End-Point Protection: Securing fixed and mobile end-point devices.
       • Virtualization & Cloud Computing: Migrating customers to the cloud safely and securely.
       • Event Management & Incident Response: Detecting and responding to security incidents.
       • Awareness & Training: Engaging people in the process of security on a daily basis.

Through a number of strategic partnerships we can also deliver additional services in the areas of:

       • Managed Services: Managing the day-to-day operational security of information systems.
       • Application Security & Penetration Testing: Validating controls for business applications.




                       Learn more today at http://www.ncanet.com
                       Or call 877-KNOW NCA (877-566-9622)



The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

Applied mobile chaos theory

  • 1. Applied ‘Mobile Chaos Theory’ …and NCA’s 12-step plan to end the madness Presented by Brad Bemis © 2011 Network Computing Architects, all rights reserved
  • 2. Our Modern Mobile Workforce The term ‘mobile’ has changed. It’s not just about phone calls and web surfing though… • ‘Always on’ availability • Location-based services • Credit card transactions • Patient medical records • Supply chain management • Customer and partner collaboration • Social media and social marketing • Predictive analysis and unique targeting The technology is getting smaller, faster, and smarter… © 2011 Network Computing Architects, all rights reserved
  • 3. The Mobile Challenges We Face While keeping up with the rapid pace of innovation is our biggest challenge, it’s only one of many… • Our data is on the move • The network perimeter is gone • The edge is now driving the core • IT services are now a commodity • Cloud and social challenge tie ins • Blurring of personal and business • Balancing emerging risks vs. benefits We must find ways to incorporate security controls that address the four dimensions of mobility above… © 2011 Network Computing Architects, all rights reserved
  • 4. Applied Mobile Chaos Theory Chaos theory is more complicated than what’s presented here, but: • Chaos underlies complex systems • Patterns can emerge from chaos • Initial conditions play a big part • Indicators of possible outcomes • Equilibrium based on attractors Mobile chaos theory is based on the idea that: • Mobility is a complex system challenge • Success is determined by initial conditions • To achieve equilibrium takes real effort © 2011 Network Computing Architects, all rights reserved
•   Needs
•   Risks
•   Policy
•   Ecosystem
•   Virtualization
•   Device Management
•   Identity Management
•   End-Point Protection
•   Remote Access
•   Data Protection
•   Training and Awareness
•   Loss and Incident Handling

This approach is consistent with our long-standing
principles of ‘defense-in-depth’.

Needs
What are your business needs? (The needs of the many.)
What needs do various groups have? (The needs of the few.)
What needs do specific individuals have? (The needs of the one.)
•   Identify the key stakeholders
•   Gather formal requirements
•   Define group/user profiles

Don’t forget about your compliance needs!
•   Legal, regulatory, contractual…

Risks
What is your current risk posture?
What are your risk tolerance thresholds?
What are you doing to measure/manage risk?
•   Understand the threat landscape
•   Establish well-defined decision-making criteria
•   Build an overall mobile strategy covering all bases

Include a risk assessment/analysis to help with planning!
•   Use FAIR (Factor Analysis of Information Risk) in a contextual manner…
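The slide points at FAIR as the way to turn the three questions above into numbers that can be compared against a tolerance threshold. The following is an added example (not part of the deck and not NCA's own tooling) that walks the FAIR chain for one mobile scenario, a lost or stolen device, with and without the controls the later slides call for; the fleet size, frequencies, probabilities and dollar figures are constructed for illustration and the `Scenario`, `simulate` and `compare` names are this example's own.

```python
"""
FAIR-style estimate of annual loss from lost or stolen mobile devices.

Added example; the scenario numbers below are constructed for illustration
and are not NCA's figures. It walks the FAIR ontology the slide refers to:
    Loss Event Frequency (LEF) = Threat Event Frequency (TEF) x Vulnerability
    Risk (annualized loss)     = LEF x Loss Magnitude (LM)
Each input is a (low, most_likely, high) range; a Monte Carlo run turns the
ranges into a loss distribution that can be compared to a risk tolerance.
"""
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    tef_per_year: tuple      # devices lost/stolen per year (low, mode, high)
    vulnerability: tuple     # P(a loss becomes a data-exposure event)
    loss_magnitude: tuple    # cost per loss event in USD


# Constructed figures for a hypothetical 200-device fleet.
UNMANAGED = Scenario(  # no PIN, no disk encryption, no remote wipe
    "unmanaged", (4, 8, 12), (0.5, 0.7, 0.9), (20_000, 60_000, 250_000))
MANAGED = Scenario(    # passphrase + disk encryption + MDM remote wipe
    "managed", (4, 8, 12), (0.01, 0.03, 0.10), (2_000, 5_000, 20_000))


def point_estimate(s: Scenario) -> dict:
    """Most-likely-value walk through the FAIR chain (no sampling)."""
    tef, vuln, lm = s.tef_per_year[1], s.vulnerability[1], s.loss_magnitude[1]
    lef = tef * vuln
    return {"lef": lef, "ale": lef * lm}


def _draw(rng: random.Random, triple: tuple) -> float:
    """Sample one value from a (low, mode, high) triangular range."""
    low, mode, high = triple
    return rng.triangular(low, high, mode)   # stdlib signature: (low, high, mode)


def simulate(s: Scenario, trials: int = 10_000, seed: int = 1) -> dict:
    """Monte Carlo over the input ranges; mean and percentiles of annual loss."""
    rng = random.Random(seed)
    losses = sorted(
        _draw(rng, s.tef_per_year)
        * _draw(rng, s.vulnerability)
        * _draw(rng, s.loss_magnitude)
        for _ in range(trials)
    )
    return {
        "mean": statistics.fmean(losses),
        "p50": losses[trials // 2],
        "p90": losses[int(trials * 0.9)],
    }


def compare(before: Scenario, after: Scenario, tolerance_usd: float = 100_000) -> dict:
    """Risk reduction from a control set, plus a p90 check against a tolerance."""
    b, a = simulate(before), simulate(after)
    return {
        "reduction": 1 - a["mean"] / b["mean"],
        "before_within_tolerance": b["p90"] <= tolerance_usd,
        "after_within_tolerance": a["p90"] <= tolerance_usd,
    }


if __name__ == "__main__":
    for s in (UNMANAGED, MANAGED):
        r = simulate(s)
        print(f"{s.name:>9}: point ALE ${point_estimate(s)['ale']:,.0f}  "
              f"mean ${r['mean']:,.0f}  p90 ${r['p90']:,.0f}")
    print(compare(UNMANAGED, MANAGED))
```

The "contextual" part of the slide is the input ranges: TEF comes from your own loss history or help-desk tickets, vulnerability from which device-management, identity and data-protection controls are actually enforced, and loss magnitude from the data classification of what lives on the devices. The p90 figure is the one to hold against a stated tolerance threshold, since a mean alone hides the tail.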
Policy
What does your policy framework cover?
What other security policies might apply?
What are your data classification policies?
•   Define acceptable use
•   Clarify and explain all expectations
•   Get formal sign-off and acceptance

Mobile devices are just another end-point!
•   Leverage what you already have…

Ecosystem
What platforms and models?
What carrier service provider(s)?
What kind of back-end infrastructure?
•   Decide on purchased, BYOD, or mixed
•   Research what carriers can offer you
•   Consider virtualizing the back-end

These are some of the most critical decision points!
•   Be sure to plan for the future (3 to 5 years)…

Virtualization
What are you doing about data mixing?
What are you doing to fully enable people?
What are you doing to keep the security balance?
•   Consider mobile virtual machines
•   Keep the current limitations in mind
•   Understand how it’s different from sandboxing

Virtualization really is the answer to many challenges!
•   Watch this technology closely as it evolves…

Device Management
What are you doing to lock devices down?
What are you doing to manage all of them?
What are you doing to keep track of everything?
•   Review scope, capabilities, and limitations
•   Build out written configuration standards
•   Simplify provisioning and de-provisioning

Probably the single most important investment made!
•   Make your decision based on clear requirements…

Identity Management
How are you authenticating to the device?
How are you authenticating to remote assets?
How are you authenticating with third parties?
•   Enforce PINs and passphrases
•   Look at multi-factor authentication
•   Tie in to federated identity management

Identity is everything in a mobile, social, cloud-based world!
•   Applies to people and assets…

End-Point Protection
What are you doing about mobile malware?
What are you doing to limit network dangers?
What are you doing to gain visibility into things?
•   Use AV on the platforms it’s available for
•   Consider available mobile firewall options
•   Look into mobile end-point reporting

There are a lot of platform dependency issues here!
•   Stay up to date on how the industry responds…

Remote Access
How are you providing access to resources?
How are you resolving file management issues?
How are you keeping data out of the public cloud?
•   Use a reliable SSL client for remote access
•   Consider a VDI-based model for mobility
•   Build your own file management solution

File management is one of the biggest issues right now!
•   Keep your data out of the public cloud…

Data Protection
How are you protecting the local data store?
How are you protecting data on removable cards?
How are you protecting data leaving the device?
•   Disk encryption is still a key requirement
•   Look into data loss prevention options
•   Don’t forget about data classification

Routing data back to the corporate network may be possible!
•   Keep an eye on this to use your existing tools…

Training and Awareness
How do people know what the policies say?
How do people know what is/isn’t acceptable?
How do people know where to go with issues?
•   Have a formal awareness and training program
•   Fold mobility into this larger program
•   Keep folks up to date on changes

Security training/awareness is still the absolute best tool!
•   Unfortunately it’s still the least used…

Loss and Incident Handling
What happens if a device is lost or stolen?
What happens if something suspicious occurs?
What happens if you experience an actual incident?
•   Have a formal incident response plan
•   Fold mobility into your existing plan
•   Make sure folks know what to do

Everything we do is to avoid incidents; be prepared though!
•   It only takes one for everything to change…

Closing the Loop
Everything is happening at such an incredibly fast pace that
it’s hard to keep up. In the future we may see more and more
integration between security options, but as it stands today
a holistic approach is needed, one that includes:
•   Needs
•   Risks
•   Policy
•   Ecosystem
•   Virtualization
•   Device Management
•   Identity Management
•   End-Point Protection
•   Remote Access
•   Data Protection
•   Training and Awareness
•   Loss and Incident Handling

…and, of course, NCA is happy to help!

Questions?

About the Author
Brad Bemis is the CISO, Security Practice Manager, and Principal Security Consultant for Network Computing Architects (NCA) in Bellevue WA, and has over 20 years of practical experience in IT and information security. He is also a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Associate Business Continuity Planner (ABCP), and Lean Six Sigma Greenbelt, with several additional technology-centric certifications from Cisco, Microsoft, and CompTIA.

Brad holds associate degrees in both Personnel Management and Information Systems Technology and a Bachelor of Science in Information Technology, and is currently pursuing a Master of Science in Education. He has also engaged in graduate-level course work towards a Master of Business Administration and a Master of Science in Clinical Psychology.

Brad has worked with multiple Fortune 500 companies, military organizations, and government agencies around the world, in roles ranging from Systems Security Administrator to Chief Information Security Officer (and everything in between). Although highly skilled across multiple security disciplines, his main passion is information security awareness and training: evangelizing the message and engaging others. He is also very active in the security community, including contributions to the Cloud Security Alliance (CSA), board positions with the Greater Seattle Area Chapter of the Cloud Security Alliance and the Pacific Northwest Chapter of the Information Systems Security Association (ISSA), participation in several other professional associations, sharing insights and experience across a number of on-line security forums, and much, much more.

Additional information can be found on Brad's professional blog at www.secureitexpert.com.

About NCA’s Information Security Practice
NCA’s Information Security Practice is an ISO 27001 Certified Professional Security Services Consultancy with offices in Bellevue WA, Portland OR, and Los Gatos CA. We offer a wide range of professional security services that can be scaled and customized to meet the business needs of any organization. Our major core competencies include:
•   Program Management: Building and managing a holistic information security program.
•   Governance: Incorporating security into enterprise or IT governance frameworks.
•   Risk Management: Measuring and managing information security and other related risks.
•   Compliance: Ensuring that all internal and external requirements are being met.
•   Identity & Access Management: Managing identities and permissions for systems and users.
•   Perimeter Defense & Firewall Management: Defending the borders between networks.
•   Traditional & Mobile End-Point Protection: Securing fixed and mobile end-point devices.
•   Virtualization & Cloud Computing: Migrating customers to the cloud safely and securely.
•   Event Management & Incident Response: Detecting and responding to security incidents.
•   Awareness & Training: Engaging people in the process of security on a daily basis.

Through a number of strategic partnerships we can also deliver additional services in the areas of:
•   Managed Services: Managing the day-to-day operational security of information systems.
•   Application Security & Penetration Testing: Validating controls for business applications.

Learn more today at http://www.ncanet.com
Or call 877-KNOW NCA (877-566-9622)