Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps




EMC CONFIDENTIAL—INTERNAL USE ONLY                                   1
Agenda
• Security Challenges: A Root-Cause Analysis
• 3 Keys to Effective Security Management
• RSA’s 4-Step Approach




EMC eGRC Strategy

eGRC Business Solutions
• Security Management
• Business Continuity Management
• Information Governance

RSA Archer eGRC Management Platform

Consulting/Implementation Best Practices




Pop Quiz
You have not maximized your security management program if…
• You are assessing compliance one regulation at a time
• You can’t prioritize your projects by risk
• You handle incidents like playing Whack-a-Mole
• You have mountains of security data and don’t use it
• Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget)



Security Challenges: A Root-Cause Analysis




Traditional Approach
• Network: Team, Policy, Point Tool
• Datacenter: Team, Policy, Point Tool
• Endpoint: Team, Policy, Point Tool
• Applications: Team, Policy, Point Tool

Siloed, Inflexible, Inconsistent, Costly


Result: Uncontrolled Risk
Risk = Likelihood × Impact
• Likelihood: threats, vulnerabilities, value of target
• Impact: detection, response, value of target

PRIORITIZE BY RISK (columns: LIKELIHOOD, IMPACT)
• HIGH
• MEDIUM
• MEDIUM
• LOW




Business Impact

PlayStation suffers massive data breach…

Uncontrolled risk leads to…

Increased Exposure to Catastrophic Loss
• Theft of trade secrets
• Headline-making breaches
• Fines and penalties

Inhibited Business Objectives
• Virtualization
• Consumer web services
• Geographic expansion




Security is about…



“Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to overcompensate and focus on risks that are either familiar or recent.”
- Hugh Thompson, Chief Security Strategist, People Security




The 3 Keys to Effective Security Management




#1: Begin and End with Business Context

• Executive Committee, Audit Committee, Risk Committee, Legal, HR, etc
• Business Objectives, Policies, Authoritative Sources, Business Criticality
• Governance, Security Management, Monitoring



#2: Follow an Integrated Approach
How?

Business Governance
• Define business objectives
• Define business-level risk targets
• Define business-critical assets

Security Risk Management
• Understand external and internal threat landscape
• Identify vulnerabilities
• Classify high-value assets

Operations Management
• Prioritize work by risk
• Add security controls where needed
• Maximize monitoring and visibility

Incident Management
• Identify security events
• Prioritize by business impact
• Report to business owners

Reassess business risk and critical assets

Security Management framework: ISO 27001
Risk Management framework: ISO 31000


#3: Develop a Maturity Strategy
Where do you want to be in 3 years?

Current state (left) to desired state (right), along a maturity axis from Tactical to Strategic:

• Business Governance: Security buried inside IT; Basic guidelines defined by business; Security is part of every business process
• Security Risk Management: Newspaper view of risk; Follow industry practices; Manage business-specific risks
• Operations Management: Bare minimum tools; Compliance-driven controls; Risk-based controls and monitoring
• Incident Management: Siloed monitoring; Correlation and prioritization; Advanced analytics



RSA’s 4-Step Approach




RSA Enables Security Management

Business Governance
• Archer Policy Management
• Archer Enterprise Management
• Archer Compliance Management

Security Risk Management
• Archer Risk and Threat Management
• DLP Risk Remediation Manager and Policy Workflow Manager
• NetWitness Spectrum

Operations Management
• Archer Enterprise Management
• Solution for Cloud Security and Compliance
• EMC Ionix
• Integrations with asset managers

Incident Management
• Archer Incident Management
• enVision SIEM
• DLP (Data Loss Prevention)
• NetWitness Investigator

Security Management framework: ISO 27001
Risk Management framework: ISO 31000


Step 1: Security Risk Management

• Context Establishment
• Identification
• Assessment
• Mitigation




Security Risk Management Example: DLP Risk Remediation Manager

• Day 1: 30K files discovered by RSA DLP
• Day 3: 1200 Owners in 43 Countries Identified
• Day 10: RRM sends initial questionnaire to data owners
• Day 40: 90% of files remediated

Repeatable and continuously monitored

Analyst work space and executive metrics in RRM.

“The new process was more than 4 times faster and much less disruptive to business.”
- EMC CIRC




Step 2: Operations Management

• Control Standards
• Configuration
• Operation
• Monitoring




Operations Management Example: RSA Solution for Cloud Security and Compliance

Diagram labels:
• Archer
• Component Discovery and Population
• Configuration Measurement (40% automated)
• > 130 VMware Specific Control Procedures
• Connector Framework
• alerts
• enVision
• >380 log messages




Step 3: Incident Management

• Collection/Detection
• Correlation/Prioritization
• Investigation
• Remediation
Incident Management Example: RSA Solution for Security Incident Management

Enterprise and Policy Mgr (Context, Policy)
• enVision alerts are put in context with enterprise assets, risk, process, teams, etc.

Connector Framework
• Near Real-time feed into Archer
• Plug-in Architecture for additional incident and compliance solutions

Incident Dashboards and Workflow
• Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard

SIEM
• Formatted XML data out of enVision
• Task Triage – Incident details with associated notes

“We saved 1,500 hours a month due to the integration.”
- EMC CIRC




Step 4: Business-Driven Management

• IT Risk Management
• Operations Management
• Incident Management

“MassMutual’s approach to security is now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual




Business Driven Customer Success
Managing risk in a financial services firm with $420B in assets

MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.”
- Mike Foley, CIO, MassMutual (Information Week Article)

BEFORE: NEEDS
• Protect
  • 6,000 employees and PCs
  • Thousands of servers and network devices
  • 700 applications
  • Personal information of more than 12 million customers
• See big picture and drill down on specifics
• Identify & Prioritize critical risks
• Automate risk assessments

AFTER
• More current, holistic view of the enterprise
• Faster response to critical threats and potential exploits
• Consolidated all critical IT risks into real time executive dashboards
• 97.5% cost reduction in the risk analysis process


Leading Products, Better Together
Products: Archer, enVision, DLP, VMware

Integration & Solution
• Sol’n for Security Incident Mgmt
• DLP Risk Remediation Manager
• DLP Policy Workflow Manager
• Content-aware SIEM
• Sol’n for Cloud Security & Compliance
• SecurBook for VMware View (VDI)

NetWitness: integrations to be announced!

• Leader: eGRC
• Leader: SIEM
• Leader: Data Loss Prevention




Take a Strategic Approach with RSA
Most organizations are here

Row labels for the bullets under each step: Approach, Information, Technology

Step 1: Legacy
• Security is “necessary evil”
• No monitoring
• Reactive and tactical point products

Step 2: Compliance-Driven
• Check-box mentality
• Collect data needed for compliance
• Tactical tools with compliance reporting

Step 3: IT Risk-Oriented
• Proactive and assessment based
• Collect data needed to detect advanced threats
• Security tools integration providing technical visibility

Step 4: Business-Oriented
• Security fully embedded in enterprise processes
• data fully integrated with business context
• Security tools integrated with business tools

“Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.”
- Member, RSA Security Management Working Group




In Action: Critical Incident Response Center




EMC Critical Incident Response Center, Bedford, MA


• Business Context
• Process Automation
• Visibility
• Integrated Approach



Next Steps and Resources

     • Round Table Discussion on Privacy
     • Incident Management Solution Brief
     • Privacy Survey
     • eGRC White Paper
     • Ovum Research




THANK YOU



These backup slides just provide more product details on the 4 steps




Step 1: Security Risk Management

• Context Establishment
• Identification
• Assessment
• Mitigation

Archer (eGRC)
• Capture and relate risks to business objectives
• Import data from vulnerability assessments, threat feeds
• Build and deliver online assessments
• Resolve findings to reduce risk to tolerable levels

DLP
• Map DLP policies to business policies
• Identify sensitive data in vulnerable locations
• Just-in-time education of end-users reduces future risks

NetWitness
• Risk-based identification of malicious code




Step 2: Operations Management

• Control Standards
• Configuration
• Operation
• Monitoring

Archer (eGRC)
• Control Standards: 900+ standards
• Configuration: 4500+ control procedures
• Monitoring: 8500+ question library

enVision (SIEM)
• Real-time monitoring from the most event sources
• Reporting: 1200+ out of box reports




Step 3: Incident Management

• Collection/Detection
• Correlation/Prioritization
• Investigation
• Remediation

Archer
• Business-level incident management including Legal, HR, BUs

enVision (SIEM)
• Unmatched depth and breadth of event collection
• Some of the largest SIEM deployments in the world
• Prioritize by vulnerability feeds and watch lists

NetWitness
• Capture and visualize all network traffic for real time analysis
• Unparalleled network forensics

DLP
• Data-centric view of policy violations everywhere
• Automatically quarantine emails, block file transfers



Step 4: Business-Driven Management

• IT Risk Management
• Operations Management
• Incident Management

RSA Archer eGRC Suite
• Central repository for policies, risks, and incidents
• All data presented in business context
• Integration with key security systems
• Comprehensive audits and reports




Making Executives Accountable for IT Security
Making Executives Accountable for IT SecurityMaking Executives Accountable for IT Security
Making Executives Accountable for IT Security
 
CRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff CrumeCRTC Cloud Security- Jeff Crume
CRTC Cloud Security- Jeff Crume
 
Data Security Metricsa Value Based Approach
Data Security Metricsa Value Based ApproachData Security Metricsa Value Based Approach
Data Security Metricsa Value Based Approach
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
From technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontierFrom technology risk_to_enterprise_risk_the_new_frontier
From technology risk_to_enterprise_risk_the_new_frontier
 
A brief overview of operational risk
A brief overview of operational riskA brief overview of operational risk
A brief overview of operational risk
 
Information Security By Design
Information Security By DesignInformation Security By Design
Information Security By Design
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 services
 
Refense Security Risk Briefing July 2009
Refense   Security Risk Briefing   July 2009Refense   Security Risk Briefing   July 2009
Refense Security Risk Briefing July 2009
 
Continuous Monitoring and Real Time Risk Scoring
Continuous Monitoring and Real Time Risk ScoringContinuous Monitoring and Real Time Risk Scoring
Continuous Monitoring and Real Time Risk Scoring
 
Sap risk advisory presentation
Sap risk advisory presentationSap risk advisory presentation
Sap risk advisory presentation
 
Sap Risk Advisory Presentation
Sap Risk Advisory PresentationSap Risk Advisory Presentation
Sap Risk Advisory Presentation
 
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS   ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...DSS   ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
DSS ITSEC CONFERENCE - Q1 Labs - Intelligent network security - next genera...
 
Sw keynote
Sw keynoteSw keynote
Sw keynote
 
Information Systems Policy
Information Systems PolicyInformation Systems Policy
Information Systems Policy
 
2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene Rodriguez2012 ReEnergize the Americas 3B: Gene Rodriguez
2012 ReEnergize the Americas 3B: Gene Rodriguez
 
Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012Symantec Control Compliance Suite 11, February 2012
Symantec Control Compliance Suite 11, February 2012
 
Xero Risk Product Presentation V3.2
Xero Risk   Product Presentation V3.2Xero Risk   Product Presentation V3.2
Xero Risk Product Presentation V3.2
 
Creating effective security controls
Creating effective security controlsCreating effective security controls
Creating effective security controls
 
Reputational Risk
Reputational RiskReputational Risk
Reputational Risk
 

Mehr von xKinAnx

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep divexKinAnx
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudxKinAnx
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 xKinAnx
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...xKinAnx
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directionsxKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...xKinAnx
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...xKinAnx
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloudxKinAnx
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...xKinAnx
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...xKinAnx
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rolloutxKinAnx
 

Mehr von xKinAnx (20)

Engage for success ibm spectrum accelerate 2
Engage for success   ibm spectrum accelerate 2Engage for success   ibm spectrum accelerate 2
Engage for success ibm spectrum accelerate 2
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep diveAccelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive
 
Software defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloudSoftware defined storage provisioning using ibm smart cloud
Software defined storage provisioning using ibm smart cloud
 
Ibm spectrum virtualize 101
Ibm spectrum virtualize 101 Ibm spectrum virtualize 101
Ibm spectrum virtualize 101
 
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...Accelerate with ibm storage  ibm spectrum virtualize hyper swap deep dive dee...
Accelerate with ibm storage ibm spectrum virtualize hyper swap deep dive dee...
 
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions04 empalis -ibm_spectrum_protect_-_strategy_and_directions
04 empalis -ibm_spectrum_protect_-_strategy_and_directions
 
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
Ibm spectrum scale fundamentals workshop for americas part 1 components archi...
 
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
Ibm spectrum scale fundamentals workshop for americas part 2 IBM Spectrum Sca...
 
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
Ibm spectrum scale fundamentals workshop for americas part 3 Information Life...
 
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
Ibm spectrum scale fundamentals workshop for americas part 4 Replication, Str...
 
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
Ibm spectrum scale fundamentals workshop for americas part 4 spectrum scale_r...
 
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
Ibm spectrum scale fundamentals workshop for americas part 5 spectrum scale_c...
 
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 6 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
Ibm spectrum scale fundamentals workshop for americas part 7 spectrumscale el...
 
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
Ibm spectrum scale fundamentals workshop for americas part 8 spectrumscale ba...
 
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
Ibm spectrum scale fundamentals workshop for americas part 5 ess gnr-usecases...
 
Presentation disaster recovery in virtualization and cloud
Presentation   disaster recovery in virtualization and cloudPresentation   disaster recovery in virtualization and cloud
Presentation disaster recovery in virtualization and cloud
 
Presentation disaster recovery for oracle fusion middleware with the zfs st...
Presentation   disaster recovery for oracle fusion middleware with the zfs st...Presentation   disaster recovery for oracle fusion middleware with the zfs st...
Presentation disaster recovery for oracle fusion middleware with the zfs st...
 
Presentation differentiated virtualization for enterprise clouds, large and...
Presentation   differentiated virtualization for enterprise clouds, large and...Presentation   differentiated virtualization for enterprise clouds, large and...
Presentation differentiated virtualization for enterprise clouds, large and...
 
Presentation desktops for the cloud the view rollout
Presentation   desktops for the cloud the view rolloutPresentation   desktops for the cloud the view rollout
Presentation desktops for the cloud the view rollout
 

Kürzlich hochgeladen

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 

Kürzlich hochgeladen (20)

Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 

Presentation crafting your active security management strategy 3 keys and 4 steps

  • 1. Crafting Your Active Security Management Strategy: 3 Keys and 4 Steps EMC CONFIDENTIAL—INTERNAL USE ONLY 1
  • 2. Agenda • Security Challenges: A Root-Cause Analysis • 3 Keys to Effective Security Management • RSA’s 4-Step Approach EMC CONFIDENTIAL—INTERNAL USE ONLY 2
  • 3. EMC eGRC Strategy eGRC Business Solutions Business Security Information Continuity Management Governance Management RSA Archer eGRC Management Platform Consulting/Implementation Best Practices EMC CONFIDENTIAL—INTERNAL USE ONLY 3
  • 4. Pop Quiz You have not maximized your security management program if… You are assessing compliance one regulation at a time You can’t prioritize your projects by risk You handle incidents like playing Whack-a-Mole You have mountains of security data and don’t use it Management has no idea how well you are doing (and Finance can’t see why you deserve a bigger budget) EMC CONFIDENTIAL—INTERNAL USE ONLY 4
  • 5. Security Challenges: A Root-Cause Analysis EMC CONFIDENTIAL—INTERNAL USE ONLY 5
  • 6. Traditional Approach Team Team Policy Point Tool Policy Point Tool Network Datacenter Team Team Policy Point Tool Policy Point Tool Endpoint Applications Siloed Inflexible Inconsistent Costly EMC CONFIDENTIAL—INTERNAL USE ONLY 6
  • 7. Result: Uncontrolled Risk Risk = Likelihood × Impact • threats • detection • vulnerabilities • response • value of target • value of target PRIORITIZE BY RISK: LIKELIHOOD IMPACT HIGH MEDIUM MEDIUM LOW EMC CONFIDENTIAL—INTERNAL USE ONLY 7
  • 8. PlayStation suffers Business Impact massive data breach… Uncontrolled risk leads to… Increased Exposure to Inhibited Business Catastrophic Loss Objectives • Theft of trade secrets • Virtualization • Headline-making breaches • Consumer web services • Fines and penalties • Geographic expansion EMC CONFIDENTIAL—INTERNAL USE ONLY 8
  • 9. Security is about… Security isn’t about security. It is about managing risk at some cost. In the absence of metrics, we tend to over compensate and focus on risks that are either familiar or recent. Hugh Thompson, Chief Security Strategist People Security EMC CONFIDENTIAL—INTERNAL USE ONLY 9
  • 10. The 3 Keys to Effective Security Management EMC CONFIDENTIAL—INTERNAL USE ONLY 10
  • 11. #1: Begin and End with Business Context Executive Audit Risk Legal, HR, etc Committee Committee Committee Business Authoritative Business Policies Objectives Sources Criticality Governance Security Monitoring Management EMC CONFIDENTIAL—INTERNAL USE ONLY 11
  • 12. #2: Follow an Integrated Approach How? Define business objectives Business Define business-level risk targets Governance Define business-critical assets Security Risk Understand external and internal threat landscape Identify vulnerabilities Management Classify high-value assets Prioritize work by risk Operations Add security controls where needed Management Maximize monitoring and visibility Identify security events Incident Prioritize by business impact Management Report to business owners Reassess business risk and critical assets Security Management framework: ISO 27001 Risk Management framework: ISO 31000 EMC CONFIDENTIAL—INTERNAL USE ONLY 12
  • 13. #3: Develop a Maturity Strategy Where do you want to be in 3 years? Current state Desired state Business Governance Security buried Basic guidelines Security is part of every inside IT defined by business business process Security Risk Management Newspaper view Follow industry Manage business- of risk practices specific risks Operations Management Bare minimum tools Compliance- Risk-based controls driven controls and monitoring Incident Management Siloed monitoring Correlation and Advanced analytics prioritization Tactical Maturity Strategic EMC CONFIDENTIAL—INTERNAL USE ONLY 13
  • 14. RSA’s 4-Step Approach EMC CONFIDENTIAL—INTERNAL USE ONLY 14
  • 15. RSA Enables Security Management Archer Policy Management Business Archer Enterprise Management Governance Archer Compliance Management Security Risk Archer Risk and Threat Management DLP Risk Remediation Manager and Policy Workflow Manager Management NetWitness Spectrum Archer Enterprise Management Operations Solution for Cloud Security and Compliance Management EMC Ionix Integrations with asset managers Archer Incident Management Incident enVision SIEM Management DLP (Data Loss Prevention) NetWitness Investigator Security Management framework: ISO 27001 Risk Management framework: ISO 31000 EMC CONFIDENTIAL—INTERNAL USE ONLY 15
  • 16. Step 1: Security Risk Management. Phases: Context Establishment, Identification, Assessment, Mitigation.
  • 17. Security Risk Management Example: DLP Risk Remediation Manager. Day 1: 30K files discovered by RSA DLP. Day 3: 1200 Owners in 43 Countries Identified. Day 10: RRM sends initial questionnaire to data owners. Day 40: 90% of files remediated. Repeatable and continuously monitored. Analyst work space and executive metrics in RRM. “The new process was more than 4 times faster and much less disruptive to business.” - EMC CIRC
  • 18. Step 2: Operations Management. Phases: Control Standards, Configuration, Operation, Monitoring.
  • 19. Operations Management Example: RSA Solution for Cloud Security and Compliance. Diagram labels: Component Discovery and Population; Configuration Measurement (40% automated); > 130 VMware Specific Archer Control Procedures; Connector Framework; alerts; enVision; >380 log messages.
  • 20. Step 3: Incident Management. Phases: Collection/Detection, Correlation/Prioritization, Investigation, Remediation.
  • 21. Incident Management Example: RSA Solution for Security Incident Management. Enterprise and Policy Mgr (Context, Policy): enVision alerts are put in context with enterprise assets, risk, process, teams, etc. Connector Framework: Near Real-time feed into Archer; Plug-in Architecture for additional incident and compliance solutions. Incident Dashboards and Workflow: Incidents are assigned in work queues, workflow automates the case management process. Metrics are rolled up into an executive level dashboard. SIEM: Formatted XML data out of enVision; Task Triage – Incident details with associated notes. “We saved 1,500 hours a month due to the integration.” - EMC CIRC
  • 22. Step 4: Business-Driven Management. IT Risk Management, Operations Management, Incident Management. “MassMutual’s approach to security is now based on a more current holistic view of the enterprise.” - Mike Foley, CIO, MassMutual
  • 23. Business Driven Customer Success. Managing risk in a financial services firm with $420B in assets. BEFORE. Protect: • 6,000 employees and PCs • Thousands of servers and network devices • 700 applications • Personal information of more than 12 million customers. NEEDS: See big picture and drill down on specifics; Identify & Prioritize critical risks; Automate risk assessments. AFTER: More current, holistic view of the enterprise; Faster response to critical threats and potential exploits; Consolidated all critical IT risks into real time executive dashboards; 97.5% cost reduction in the risk analysis process. MassMutual’s approach to security is “now based on a more current holistic view of the enterprise.” Mike Foley, CIO, MassMutual. Information Week Article.
  • 24. Leading Products, Better Together. Products: Archer, enVision, DLP, VMware. Integration & Solution: Sol’n for Security Incident Mgmt; DLP Risk Remediation Manager; DLP Policy Workflow Manager; Content-aware SIEM; Sol’n for Cloud Security & Compliance; SecurBook for VMware View (VDI). NetWitness: integrations to be announced! Leader: eGRC. Leader: SIEM. Leader: Data Loss Prevention.
  • 25. Take a Strategic Approach with RSA. Most organizations are here. Rows: Approach, Information, Technology. Step 1: Legacy • Security is “necessary evil” • No monitoring • Reactive and tactical point products. Step 2: Compliance-Driven • Check-box mentality • Collect data needed for compliance • Tactical tools with compliance reporting. Step 3: IT Risk-Oriented • Proactive and assessment based • Collect data needed to detect advanced threats • Security tools integration providing technical visibility. Step 4: Business-Oriented • Security fully embedded in enterprise processes • data fully integrated with business context • Security tools integrated with business tools. “Security management is going to be baked into many layers of business operations. That’s what I’m seeing in my organization.” - Member, RSA Security Management Working Group
  • 26. In Action: Critical Incident Response Center. EMC Critical Incident Response Center, Bedford, MA. Integrated Approach, Business Context, Process Automation, Visibility.
  • 27. Next Steps and Resources • Round Table Discussion on Privacy • Incident Management Solution Brief • Privacy Survey • eGRC White Paper • Ovum Research
  • 29. These backup slides just provide more product details on the 4 steps
  • 30. Step 1: Security Risk Management. Phases: Context Establishment, Identification, Assessment, Mitigation. Archer (eGRC): • Capture and relate risks to business objectives • Import data from vulnerability assessments, threat feeds • Build and deliver online assessments • Resolve findings to reduce risk to tolerable levels. DLP: • Map DLP policies to business policies • Identify sensitive data in vulnerable locations • Just-in-time education of end-users reduces future risks. NetWitness: • Risk-based identification of malicious code.
  • 31. Step 2: Operations Management. Phases: Control Standards, Configuration, Operation, Monitoring. Archer (eGRC): • Control Standards: 900+ standards • Configuration: 4500+ control procedures • Monitoring: 8500+ question library. enVision (SIEM): • Real-time monitoring from the most event sources • Reporting: 1200+ out of box reports.
  • 32. Step 3: Incident Management. Phases: Collection/Detection, Correlation/Prioritization, Investigation, Remediation. Archer: • Business-level incident management including Legal, HR, BUs. enVision (SIEM): • Unmatched depth and breadth of event collection • Some of the largest SIEM deployments in the world • Prioritize by vulnerability feeds and watch lists. NetWitness: • Capture and visualize all network traffic for real time analysis • Unparalleled network forensics. DLP: • Data-centric view of policy violations everywhere • Automatically quarantine emails, block file transfers.
  • 33. Step 4: Business-Driven Management. IT Risk Management, Operations Management, Incident Management. RSA Archer eGRC Suite: • Central repository for policies, risks, and incidents • All data presented in business context • Integration with key security systems • Comprehensive audits and reports.