This document proposes a new data-driven approach to information security services. It involves collecting standardized data during various security services like penetration testing and vulnerability management. This data would be stored in a centralized security data warehouse according to predefined data models. The data can then be analyzed to generate intelligence that can be used to improve services, deepen relationships with clients, and provide a competitive advantage in the security services market.
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Data Driven Infosec Services
1. A new approach to
information security services
11101101110111011101110101010000010011010010011001111011000011001111000
A data-driven services portfolio
5. 11101101110111011101110101010000010011010010011001111011000011001111000
Data driven services
- create data model per service
collect - ensure consistent collection
- create security data warehouse
store - store data according to data model
- create analysis use cases
analyze - generate intelligence from collected data
6. 11101101110111011101110101010000010011010010011001111011000011001111000
Data models
penetration testing
Client
Vertical <client>
Size ($) <clientdata>
Headcount <vertical>Healthcare</vertical>
Security Team <size>200,000,000</size>
Security budget <headcount>1500</size>
<secteam>5</secteam>
<secbudget>1,000,000</secbudget>
Test </clientdata>
<test>
Scope <scope>Surgeon Webapp</scope>
Type <type>WebApp</scope>
Size <size>3</size>
Timeframe <timeframe>5</timeframe>
<testsubject>
Subject <type>front-end server</type>
<size>20</size>
Type <criticality>9</criticality>
Size <finding>
Criticality <type>XSS</type>
<description>stored XSS by authenticated user</description>
<threat>low</threat>
Finding <impact>high</impact>
Type </finding>
Description </testsubject>
Threat </test>
Impact </client>
10. 11101101110111011101110101010000010011010010011001111011000011001111000
Why ?
Client
• expects our expertise beyond engagement
• lacks bandwidth for data analysis
• requires more data for various purposes
compliance, risk management, reporting, ...
We
• require a USP in a lemon market
• require data to improve service quality
• require data to improve service profitability
• desire to deepen relationship with customer