This presentation focuses on three areas: improving the overall security posture of the company, effective management of outsourced service providers, and work prioritisation. I hope some of these ideas will help someone...
3 focus areas for any organisation's IT & Security department
1. 3 Focus areas for any organisation's IT & Security department
Prepared by Sandeep Jaryal
2. 3 Focus Areas
• Improve the overall security posture of the company
• Effective management of outsourced service providers
• Prioritisation between strategic and BAU (business-as-usual) activities
3. It's Not Too Late To Improve Your Security Posture!!!
• Top management buy-in (top-down approach): good governance and support from top management is key
• Organisational structure: clearly defined roles and responsibilities for each individual; appoint a CISO or InfoSec Manager who can partner with top management to develop the security program and drive this cultural change
• Security controls: perform the risk assessment and implement effective technical, operational and management controls accordingly; the control should match the risk, not the other way round
• Effective communication: educate your employees
• Readiness: are we ready to respond to an incident effectively? We'll cover that in the next slide
• Last but not least, patience: don't expect a perfect posture overnight!
4. Readiness – Incident Response Plan
• Establish a team: key members from each business unit, empowered to make quick and correct decisions
• Identify tools and requirements
• Fine-tune the alerting mechanism so that real incidents are not lost in noise
• Define standard operating procedures: how are incidents reported? Classification, declaration criteria, escalation tree, who to involve and when?
• Agree the authority of the incident response team (IRT) in advance, so nobody has to ask for permission during an incident
• Establish external relationships: hosting providers, forensics, legal, suppliers, etc.
• Test your incident response plan
• Review, measure and improve
7. Meeting Compliance and Audit Needs
• Self-auditing program (conduct regular internal audits)
• Pay attention to any legacy IT systems or applications
• Ensure DR (disaster recovery) and BCP (business continuity plan) are up to date and reviewed regularly
• Keep your documents up to date
• Be aware of any regulatory changes in your industry
8. Effective Management of Outsourced Service Providers
• Share your business vision and goals with your outsourced service provider
• Sync up regularly: conference calls, video chats or visiting their office
• Treat the outsourced members of your team with respect
• Ensure skill and knowledge transfer
• Clearly define targets and SLAs
• Establish performance measurement metrics
9. Prioritisation between the strategic and the day-to-day activities
• Identify goals/activities
• Classify them into strategic and day-to-day (BAU) activities
• Develop prioritisation criteria (a SWOT analysis can be used to prioritise), for example:
  - Mission-critical: most deserving of scarce resources at this time
  - Important: will pursue now, but with less emphasis than initiatives deemed mission-critical
  - Wait-listed: will tackle as soon as resources are freed up from initiatives in the first two categories
  - On hold: will not undertake or plan for at this time
• Evaluate, and revisit the classification as priorities change