This document proposes a new data-driven approach to information security services. It involves collecting standardized data during various security services like penetration testing and vulnerability management. This data would be stored in a centralized security data warehouse according to predefined data models. The data can then be analyzed to generate intelligence that can be used to improve services, deepen relationships with clients, and provide a competitive advantage in the security services market.

1. A new approach to
information security services
11101101110111011101110101010000010011010010011001111011000011001111000
A data-driven services portfolio

2. We’re competing in a lemon market ...
now what ?

3. 11101101110111011101110101010000010011010010011001111011000011001111000
“ The service provider that
understands the art of
making use of data
wins the trust of the client.
”

4. 11101101110111011101110101010000010011010010011001111011000011001111000
Data driven services
penetration vulnerability security
testing management monitoring
incident SDLC security
response services architecture

5. 11101101110111011101110101010000010011010010011001111011000011001111000
Data driven services
- create data model per service
collect - ensure consistent collection
- create security data warehouse
store - store data according to data model
- create analysis use cases
analyze - generate intelligence from collected data

6. 11101101110111011101110101010000010011010010011001111011000011001111000
Data models
penetration testing
Client
Vertical <client>
Size ($) <clientdata>
Headcount <vertical>Healthcare</vertical>
Security Team <size>200,000,000</size>
Security budget <headcount>1500</size>
<secteam>5</secteam>
<secbudget>1,000,000</secbudget>
Test </clientdata>
<test>
Scope <scope>Surgeon Webapp</scope>
Type <type>WebApp</scope>
Size <size>3</size>
Timeframe <timeframe>5</timeframe>
<testsubject>
Subject <type>front-end server</type>
<size>20</size>
Type <criticality>9</criticality>
Size <finding>
Criticality <type>XSS</type>
<description>stored XSS by authenticated user</description>
<threat>low</threat>
Finding <impact>high</impact>
Type </finding>
Description </testsubject>
Threat </test>
Impact </client>

7. 11101101110111011101110101010000010011010010011001111011000011001111000
Data models
vulnerability management
(TBD)

8. 11101101110111011101110101010000010011010010011001111011000011001111000
Data models
security monitoring
(TBD)

9. 11101101110111011101110101010000010011010010011001111011000011001111000
How ?
Data entry
Reporting
DB
Consultants
g
Reportin t ing
or
Re
p
lt i ng
su
C on Data entry
$$$$$
Sales/Marketing/
Management
Clients Clients

10. 11101101110111011101110101010000010011010010011001111011000011001111000
Why ?
Client
• expects our expertise beyond engagement
• lacks bandwidth for data analysis
• requires more data for various purposes
compliance, risk management, reporting, ...
We
• require a USP in a lemon market
• require data to improve service quality
• require data to improve service profitability
• desire to deepen relationship with customer

11. 11101101110111011101110101010000010011010010011001111011000011001111000
Question
Answer
Answer
=
Satisfactory
?
End