Securing Mobile: A Business-Centric Approach
Omar Khawaja
February 2013
Mobility this week…
@smallersecurity
Borderless networks
RCS, Joyn
SIP, IP
MDM
Monetization
Means vs. End
Mobile is no longer optional
1970 1980 1990 2000 2010
Difference?
Have a closer look: it’s really not that different.
Top Business Technology Trends
Video
Social Enterprise
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Energy Efficiency
Consumerization of IT
Personalization of Service
What’s the common theme across top technology trends?
Video
Big Data
Enterprise Clouds
High-IQ Networks
M2M2P
Compliance
Social Enterprise
Energy Efficiency
Consumerization of IT
Personalization of Service
DATA
Mobility and Cloud fuel each of these trends.
Security is about Risk
Threats
Vulnerabilities
Assets
‘Risk’
How do we secure mobile today?
Programs and Technologies
Risk Assessment
Security Policy
Organization of Info Security
Asset Management
Human Resources Management
Physical & Environment Security
Communication & Ops Mgmt
Access Control
Info Systems Acquisition, Dev, & Maintenance
Info Security Incident Management
Business Continuity Management
Compliance
Programs and Technologies
App Security
Anti-X
Configuration Management
DLP
Encryption
IAM, NAC
Patching
Policy Management
Threat Management
VPN
Vulnerability Management
…
Multiple Approaches
[Figure: 2×2 matrix. Axes: Security Technology Sets (Single / Multiple) and Security Programs (Single / Multiple). Quadrant labels: Worst Case, Nirvana, Good, Really? The cells repeat the security program list and the security technology list from the preceding slides.]
Here’s an approach…
Data-Centric Approach (Follow the data)
Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor
Data-Centric Security Model
Data-centric security is business-centric security
To protect the data, protect what’s around it too
GRC and Intelligence define security program
Start with assets, end with the controls
How do we execute?
Data-Centric Security: A Recipe
Implement Control Requirements
Monitor Control Effectiveness
Entitlement Definition
Mobile Environment Definition
Inventory Users
Define Business Processes
Destroy Data
Inventory Data
Categorize Data
What about Apps?
Can’t impede app proliferation, but how do you know which to trust?
30 billion app downloads from Apple's App Store
Apps have overtaken browsing
What about the Network?
(It’s not just for transport)
Key security imperatives:
1) Data Governance
2) Application Governance
Doing things right
↓
Doing the right things
Business Context
Follow the data
Network can help
Simplify security program
Apps matter
Questions and Answers
Thank You
omar.khawaja@verizon.com
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service.
This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon.
© 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
Security Leadership
Why Verizon?
Industry Recognition
• Largest & highly rated MSSP (Frost & Sullivan, Gartner, Forrester)
• Founding and Executive Member of Open Identity Exchange
• Security Consulting practice recognized as a Strong Performer (Forrester)
• ICSA Labs is the industry standard for certifying security products (started in 1991)
Credentials
• More PCI auditors (140+ QSAs) than any other firm in the world
• HITRUST Qualified CSF Assessor
• Actively participate in 30+ standards / certification bodies, professional organizations and vertical specific consortia
• Personnel hold 40+ unique industry, technology and vendor certifications
Global Reach
• 550+ dedicated security consultants in 28 countries speak 28 languages
• Investigated breaches in 36 countries in 2011
• 7 SOCs on 4 continents manage security devices in 45+ countries
• Serve 77% of Forbes Global 2000
Experience
• Verizon’s SMP is the oldest security certification program in the industry
• Analyzed 2000+ breaches involving 1+ Billion records
• Manage identities in 50+ countries and for 25+ national governments
• Delivered 2000+ security consulting engagements in 2011
ISO 9001
ISO 17025
