ECONOMICS, SECURITY MANAGEMENT AND THE FUTURE INTERNET. Simon Shiu HP Labs 15 th April 2010

Size: px
Start display at page:

Download "ECONOMICS, SECURITY MANAGEMENT AND THE FUTURE INTERNET. Simon Shiu HP Labs 15 th April 2010"

Transcription

1 ECONOMICS, SECURITY MANAGEMENT AND THE FUTURE INTERNET Simon Shiu HP Labs 15 th April Copyright Copyright 2010 Hewlett-Packard 2010 Development Development Company, Company, L.P. L.P.

2 SYNOPSIS OF THIS TALK The Application of Economic Methods to Enterprise Security Management Early work on the Application of Economic Methods to Cloud Information Stewardship Some personal thoughts on the relevance of Economic Methods to Security Management in the future internet 2

3 Malware Reports? Y Patch Available? N Workaround Available? Y Implement Workaround Malware Y N Accelerate? Y Exploit Available N Exposed? Early Mitigation? Deploy Mitigation Y Y Vulnerability Disclosed Vulnerability Assessment Test Solution Patch Deployment Accelerated Patching Emergency Patching Patch Available TODAYS SECURITY MANAGEMENT LIFECYCLE Economics/ Threats/ Investments Policy, process, people, technology & operations Proportion of vulnerabilities Risk reduced window (from disclosure time) across all vulnerabilities timeline Security Analytics Assurance & Situational Awareness Personal Environment Win/Lx/OSX Trusted Hypervisor Home Banking E-Govt Intf. Remote IT Mgmt Corporate Productivity OS Corporate Production Environment OS Corp. Soft Phone Trusted Infrastructure 3

4 PROBLEMS WITH SECURITY INVESTMENTS Security Investments affect multiple outcomes: budget, confidentiality, integrity, availability, In most situations these outcomes can only be predicted with high degrees of uncertainty Often the outcomes are inter-related (trade-off) and the link to investments is poorly understood Classical business justification/due diligence (Return on Security Investment, cost benefit analysis) encourages these points to be glossed over 4

5 ECONOMIC FRAMING: AN ANALOGY 5 The Central Bank problem How to set the interest rate to achieve satisfactory levels of inflation (f) and unemployment (e). Satisfactory is defined by a utility (or loss) function, such as: U(e,f) = F(e e*) + G(f f*) + The Security Management problem How to invest in security to achieve satisfactory levels of confidentiality (C) and availability (A) And then there is the limited budget.

6 PREFERENCE ELICITATION (CONSTRUCTION?) Structured Discussion (framed by initially provided components) Confidentiality Availability Cost Impact of Breaches Assurance Affect on Capital Operational Expense Expense # of Breaches # detected Breaches SLA violations F(capex,opex) 6 Agreed proxies for our utility components

7 OUR METHODOLOGY Problem Architectur e Preferences Problem System Model components of utility Utility things to measure problem refinement consequences of preferences 7

8 THE CLOUD ECO-SYSTEM Consumer Small Business Enterprise Government Department Pure Consumers Simple ISP Bundled ISP Integrated ISP Consumer/ Providers 8 CPU Infrastructur e Secure Archive Storage 24*7 Available Storage Pure Providers

9 STEWARDSHIP IN THE CLOUD ECO- SYSTEM Consumer Small Business Enterprise Government Department requirements expectations Simple ISP Bundled ISP Integrated ISP Confidentiality Integrity Availability incentives CPU Infrastructur e Secure Archive Storage 24*7 Available Storage Obligations preferences 9

10 CLOUD STEWARDSHIP ECONOMICS Key ideas that are guiding our empirical work Information Asymmetry As the service provider I know more about the costs and risks of handling your data than you or any regulator Externalities; Public/Club Goods Being secure costs me more than I gain, even though others in the community gain too. Heterogeneity of services & users How do we value bundled security characteristics & develop associated product and pricing strategies As well as applying preference, utility, system modelling to this context 10

11 FOUNDATIONS OF TRUST IN THE FUTURE INTERNET My Current Views Left unchecked the (IT) services market will prioritize low cost and flexibility with bad security externality effects To counter this we need organisations to become much more explicit about their (current and future) information security lifecycle and needs Sharing security information is already hard it will be harder in the services eco-system Enterprise Security Lifecycle We should think more about how adjusting incentives can improve this situation 11

12 Q&A 12

Using Security Metrics Coupled with Predictive Modeling and Simulation to Assess Security Processes

Using Security Metrics Coupled with Predictive Modeling and Simulation to Assess Security Processes Using Security Metrics Coupled with Predictive Modeling and Simulation to Assess Security Processes Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu Systems Security Lab 2008 Hewlett-Packard

More information

Changing the Enterprise Security Landscape

Changing the Enterprise Security Landscape Changing the Enterprise Security Landscape Petr Hněvkovský Presales Consultant, ArcSight EMEA HP Enterprise Security Products 2012 Hewlett-Packard Development Company, L.P. The information contained herein

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape 1 2012 IBM Corporation Agenda Overview Marketing & Promotion Highlights from the 2011 IBM X-Force Trend and Risk Report New attack activity Progress in

More information

Mobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015

Mobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015 Mobility Exploiting and Maintaining the New Face of Engagement Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained

More information

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs

Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration. Tomas Sander HP Labs Session 3: IT Infrastructure Security Track ThreatExchange Winning through collaboration Tomas Sander HP Labs Forward Looking Statements Rolling roadmap up to three years and is subject to change without

More information

HP Customer Support. Remote Server Management. an Outtasking Solution Outline

HP Customer Support. Remote Server Management. an Outtasking Solution Outline HP Customer Support Remote Server Management an Outtasking Solution Outline Andreas Meinert Support Solution Architect DataCenter Solution Services, HP Germany 2004 Hewlett-Packard Development Company,

More information

INSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures.

INSIDE. Management Process. Symantec Corporation TM. Best Practices Roles & Responsibilities. Vulnerabilities versus Exposures. Symantec Corporation TM Symantec Product Vulnerability Management Process Best Practices Roles & Responsibilities INSIDE Vulnerabilities versus Exposures Roles Contact and Process Information Threat Evaluation

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

HP S POINT OF VIEW TO CLOUD

HP S POINT OF VIEW TO CLOUD HP S POINT OF VIEW TO CLOUD Frank Bloch Director Technology Consulting 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice 3 GLOBAL MEGA

More information

Accountability Model for Cloud Governance

Accountability Model for Cloud Governance Accountability Model for Cloud Governance Massimo Felici, Hewlett-Packard Laboratories CSP Forum 2014, Athens, 21-22 May 2014 Overview Problem of Data Governance Data Governance in the Cloud Accountability

More information

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus Information Technology Engineers Examination Information Security Specialist Examination (Level 4) Syllabus Details of Knowledge and Skills Required for the Information Technology Engineers Examination

More information

Helix Nebula: Secure Brokering of Cloud Resources for escience. Dr. Jesus Luna Garcia

Helix Nebula: Secure Brokering of Cloud Resources for escience. Dr. Jesus Luna Garcia Helix Nebula: Secure Brokering of Cloud Resources for escience Dr. Jesus Luna Garcia Outline Background The Blue-Box architecture Security Goals and Requirements Let s imagine Why a Public-Private Partnership

More information

How To Understand The Value Of Cloud Computing For An Enterprise Company

How To Understand The Value Of Cloud Computing For An Enterprise Company Cloud beyond limits Lorenzo Gonzales Strategist, HP Enterprise Group EMEA Opportunities or challenges? Always growing connections Immediate responses are expected Change is part of the system Interactions

More information

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊

應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 應 用 SIEM 偵 測 與 預 防 APT 緩 攻 擊 HP Enterprise Security 林 傳 凱 (C. K. Lin) Senior Channel PreSales, North Asia HP ArcSight, Enterprise Security 1 Rise Of The Cyber Threat Enterprises and Governments are experiencing

More information

This presentation contains some information about future Veeam product releases, the timing and content of which are subject to change without

This presentation contains some information about future Veeam product releases, the timing and content of which are subject to change without This presentation contains some information about future Veeam product releases, the timing and content of which are subject to change without notice. Storage Trends in SMB Optimizing Data Footprint

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

IBM X-Force 2012 Cyber Security Threat Landscape

IBM X-Force 2012 Cyber Security Threat Landscape IBM X-Force 2012 Cyber Security Threat Landscape Johan Celis X-Force R&D Spokesperson Security Channel Sales Leader BeNeLux 1 Mission IBM Security Systems To protect our customers from security threats

More information

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security

Securing business data. CNS White Paper. Cloud for Enterprise. Effective Management of Data Security Securing business data CNS White Paper Cloud for Enterprise Effective Management of Data Security Jeff Finch, Head of Business Development, CNS Mosaic 2nd July 2015 Contents 1 Non-Disclosure Statement...

More information

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security

CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security CaaS Think as a bad guy Petr Hněvkovský, CISA, CISSP HP Enterprise Security 1 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

End of Support Should Not End Your Business. Challenge of Legacy Systems

End of Support Should Not End Your Business. Challenge of Legacy Systems End of Support Should Not End Your Business When software vendors announce a product end-of-life (EOL), customers typically have 24 to 30 months to plan and execute their migration strategies. This period

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

Security Touchpoints When Acquiring Software. Dr Carsten Huth Nadim Barsoum Dawid Sroka

Security Touchpoints When Acquiring Software. Dr Carsten Huth Nadim Barsoum Dawid Sroka Security Touchpoints When Acquiring Software Dr Carsten Huth Nadim Barsoum Dawid Sroka 2 Topics Context Problem Definition SDLC and Security Touchpoints Acquisition Process Conclusions 3 Acknowledgement

More information

Closing the Vulnerability Gap of Third- Party Patching

Closing the Vulnerability Gap of Third- Party Patching SOLUTION BRIEF: THIRD-PARTY PATCH MANAGEMENT........................................ Closing the Vulnerability Gap of Third- Party Patching Who should read this paper IT Managers who are trying to manage

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Hacking Crisis Highlights Crypto Chaos

Hacking Crisis Highlights Crypto Chaos TREND ADVISOR: Hacking Crisis Highlights Crypto Chaos Four Data Traffic Security Challenges Exposing Enterprises to Hack Attacks IT departments were battered by a cybersecurity perfect storm in 2014. While

More information

Modernizing the Infrastructure: Cloud Computing, Green IT Mickey Zandi, Ph.D. Managing Director

Modernizing the Infrastructure: Cloud Computing, Green IT Mickey Zandi, Ph.D. Managing Director Modernizing the Infrastructure: Cloud Computing, Green IT Mickey Zandi, Ph.D. Managing Director www.sungardas.com Agenda Issues Motivations Market Trends Starting Point 2010 SunGard. www.sungardas.com

More information

Cloud Security Specialist Certification Self-Study Kit Bundle

Cloud Security Specialist Certification Self-Study Kit Bundle Cloud Security Specialist Certification Bundle CloudSchool.com CLOUD CERTIFIED Technology Professional This certification bundle provides you with the self-study materials you need to prepare for the exams

More information

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013

Becoming a Cloud Services Broker. Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013 Becoming a Cloud Services Broker Neelam Chakrabarty Sr. Product Marketing Manager, HP SW Cloud Products, HP April 17, 2013 Hybrid delivery for the future Traditional IT Evolving current state Future Information

More information

Information Security for the Rest of Us

Information Security for the Rest of Us Secure Your Way Forward. AuditWest.com Information Security for the Rest of Us Practical Advice for Small Businesses Brian Morkert President and Chief Consultant 1 Introduction President Audit West IT

More information

SEIZE THE DATA. 2015 SEIZE THE DATA. 2015

SEIZE THE DATA. 2015 SEIZE THE DATA. 2015 1 Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. BIG DATA CONFERENCE 2015 Boston August 10-13 Predicting and reducing deforestation

More information

Matthias Kuemmel, HP Imaging and Printing Group. Date: 24/05/2011

Matthias Kuemmel, HP Imaging and Printing Group. Date: 24/05/2011 Cloud Services Threat or Chance? Matthias Kuemmel, HP Imaging and Printing Group Date: 24/05/2011 Agenda Cloud Computing what is it? HP Cloud Strategy and Solutions Cloud Printing current state Example:

More information

Virtual Patching: a Proven Cost Savings Strategy

Virtual Patching: a Proven Cost Savings Strategy Virtual Patching: a Proven Cost Savings Strategy An Ogren Group Special Report December 2011 Executive Summary Security executives, pushing the limits of traditional labor-intensive IT patch processes

More information

The promise of SDN. EU Future Internet Assembly March 18, 2014. Yanick Pouffary Chief Technologist HP Network Services

The promise of SDN. EU Future Internet Assembly March 18, 2014. Yanick Pouffary Chief Technologist HP Network Services The promise of SDN EU Future Internet Assembly March 18, 2014 Yanick Pouffary Chief Technologist HP Network Services Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

CCIT Technical Support Policy

CCIT Technical Support Policy Executive Summary In order to ensure that your experience with CCIT is as effective and efficient as possible, CCIT outlines in this policy its technical support process, request submission mechanisms,

More information

Secure Software Development Lifecycle. Security... Not getting better

Secure Software Development Lifecycle. Security... Not getting better Secure Software Development Lifecycle This lecture provides reference material for the book entitled The Art of Software Security Testing by Wysopal et al. 2007 This lecture material is copyrighted by

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING

APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING APPLICATION SECURITY RESPONSE: WHEN HACKERS COME A-KNOCKING Katie Moussouris Senior Security Strategist Microsoft Security Response Center http://twitter.com/k8em0 (that s a zero) Session ID: ASEC-T18

More information

Security Operation Centre 5th generation

Security Operation Centre 5th generation Security Operation Centre 5th generation transition Cezary Prokopowicz Regional Manager SEE HP Enterprise Security Products 2 3 4 5 Challenges you are facing 1 Nature and motivation of attacks (Fame to

More information

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

Continuous???? Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. ???? 1 Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Application Delivery is Accelerating Surge in # of releases per app

More information

HEALTHCARE IN THE CLOUD

HEALTHCARE IN THE CLOUD HEALTHCARE IN THE CLOUD Baldur Johnsen, Director Healthcare Provider Product Management Office of Strategy & Technology HP Business Solutions Organization 2010 Hewlett-Packard Development Company, L.P.

More information

External Supplier Control Requirements

External Supplier Control Requirements External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must

More information

Taking control of the virtual image lifecycle process

Taking control of the virtual image lifecycle process IBM Software Thought Leadership White Paper March 2012 Taking control of the virtual image lifecycle process Putting virtual images to work for you 2 Taking control of the virtual image lifecycle process

More information

Anatomy of a Healthcare Data Breach

Anatomy of a Healthcare Data Breach BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared

More information

HP Adaptive Backup and Recovery

HP Adaptive Backup and Recovery HP Adaptive Backup and Recovery Addressing Your BURA Strategy Today Reflects Your Business Purposes Tomorrow Scott Baker - Director, Enterprise Data Protection Andrew Dickerson Senior Manager, Backup,

More information

Sample Vulnerability Management Policy

Sample Vulnerability Management Policy Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director

More information

Strategies for assessing cloud security

Strategies for assessing cloud security IBM Global Technology Services Thought Leadership White Paper November 2010 Strategies for assessing cloud security 2 Securing the cloud: from strategy development to ongoing assessment Executive summary

More information

HP Cloud OS. Платформа OpenStack корпоративного уровня. Иван Кровяков Архитектор облачных решений HP Центральная и Восточная Европа

HP Cloud OS. Платформа OpenStack корпоративного уровня. Иван Кровяков Архитектор облачных решений HP Центральная и Восточная Европа HP Cloud OS Платформа OpenStack корпоративного уровня Иван Кровяков Архитектор облачных решений HP Центральная и Восточная Европа What is OpenStack Software Massively scalable cloud operating system that

More information

Managing the Challenges of Cloud Management November 7, 2013

Managing the Challenges of Cloud Management November 7, 2013 Copyright 2013 Vivit Worldwide Managing the Challenges of Cloud Management November 7, 2013 Brought to you by Copyright 2013 Vivit Worldwide Hosted by Mihai Grigorescu Vivit Chapter Leader South Africa

More information

How To Protect A Virtual Desktop From Attack

How To Protect A Virtual Desktop From Attack Endpoint Security: Become Aware of Virtual Desktop Infrastructures! An Ogren Group Special Report May 2011 Executive Summary Virtual desktops infrastructures, VDI, present IT with the unique opportunity

More information

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015

NEXPOSE ENTERPRISE METASPLOIT PRO. Effective Vulnerability Management and validation. March 2015 NEXPOSE ENTERPRISE METASPLOIT PRO Effective Vulnerability Management and validation March 2015 KEY SECURITY CHALLENGES Common Challenges Organizations Experience Key Security Challenges Visibility gaps

More information

Cloud App Security. Tiberio Molino Sales Engineer

Cloud App Security. Tiberio Molino Sales Engineer Cloud App Security Tiberio Molino Sales Engineer 2 Customer Challenges 3 Many Attacks Include Phishing Emails External Phishing attacks: May target specific individuals or companies Customer malware or

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 03.16 EB7178 DATA SECURITY Table of Contents 2 Data-Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services

Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Secure Clouds - Secure Services Trend Micro best-in-class solutions enable data center to deliver trusted and secure infrastructures and services Udo Schneider Trend Micro Udo_Schneider@trendmicro.de 26.03.2013

More information

HP Software, Big Data Rethinking Data Protection

HP Software, Big Data Rethinking Data Protection HP Software, Big Data Rethinking Data Protection EPIC Technology Day, November 19 th, 2014 HP Software The 6th largest software company in the world Applications Delivery Management IT Operations Management

More information

Zak Khan Director, Advanced Cyber Defence

Zak Khan Director, Advanced Cyber Defence Securing your data, intellectual property and intangible assets from cybercrime Zak Khan Director, Advanced Cyber Defence Agenda (16 + optional video) Introduction (2) Context Global Trends Strategic Impacts

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

Data Security Best Practices & Reasonable Methods

Data Security Best Practices & Reasonable Methods Data Security Best Practices & Reasonable Methods September 2013 Mike Tassey Technical Security Advisor Privacy Technical Assistance Center (PTAC) http://ptac.ed.gov/ E-mail: PrivacyTA@ed.gov Phone: 855-249-3072

More information

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Stop advanced targeted attacks, identify high risk users and control Insider Threats TRITON AP-EMAIL Stop advanced targeted attacks, identify high risk users and control Insider Threats From socially engineered lures to targeted phishing, most large cyberattacks begin with email. As these

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

Public Cloud Security: Surviving in a Hostile Multitenant Environment

Public Cloud Security: Surviving in a Hostile Multitenant Environment Public Cloud Security: Surviving in a Hostile Multitenant Environment SESSION ID: EXP-R01 Mark Russinovich Technical Fellow Windows Azure, Microsoft @markrussinovich The Third Computing Era Security Could

More information

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance

More information

Bridge Development and Operations for faster delivery of applications

Bridge Development and Operations for faster delivery of applications Technical white paper Bridge Development and Operations for faster delivery of applications HP Continuous Delivery Automation software Table of contents Application lifecycle in the current business scenario

More information

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION

REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION REMOVING THE BARRIERS FOR DATA CENTRE AUTOMATION The modern data centre has ever-increasing demands for throughput and performance, and the security infrastructure required to protect and segment the network

More information

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise 1. Introduction Information security means protecting information

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Protecting the un-protectable Addressing Virtualisation Security Challenges

Protecting the un-protectable Addressing Virtualisation Security Challenges Protecting the un-protectable Addressing Virtualisation Security Challenges Paul Hogan, Technical Director, Ward Solutions November 11, 2010 Top Cloud Security Challenges Secure Virtualisation Need secure

More information

BUILDING AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM. Henrik Åkerstrand Account Executive Nordics

BUILDING AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM. Henrik Åkerstrand Account Executive Nordics BUILDING AN EFFECTIVE VULNERABILITY MANAGEMENT PROGRAM Henrik Åkerstrand Account Executive Nordics WHY is vulnerability management important? WHAT are some considerations you should make? HOW can we help

More information

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy: Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance

More information

Welcome Back Roberto Casetta, Snr. Vice President International. The Story Behind The Crystal Pete Daw, Cities Urban Developer Siemens Plc

Welcome Back Roberto Casetta, Snr. Vice President International. The Story Behind The Crystal Pete Daw, Cities Urban Developer Siemens Plc Agenda Overview 9:00am General Session Auditorium 13:30pm General Session Auditorium 16:30pm General Session Auditorium 09:00 Welcome am Roberto Casetta, Snr. Vice President International 9:15am HEAT Software

More information

Virtual Application Networks Innovations Advance Software-defined Network Leadership

Virtual Application Networks Innovations Advance Software-defined Network Leadership Virtual Application Networks Innovations Advance Software-defined Network Leadership Simplifying, Scaling and Automating the Network Bethany Mayer Senior Vice President and General Manager HP Networking

More information

REVAMP YOUR IT CAREER AS A CLOUD SECURITY EXPERT

REVAMP YOUR IT CAREER AS A CLOUD SECURITY EXPERT REVAMP YOUR IT CAREER AS A CLOUD SECURITY EXPERT Here s a ringside view of some exciting and challenging careers in the cloud security realm. The advent of the cloud, which was once a niche concept, has

More information

The Next Generation Data Centers: SPECS and The 3 rd Platform.

The Next Generation Data Centers: SPECS and The 3 rd Platform. The Next Generation Data Centers: SPECS and The 3 rd Platform. Dr. Silvio La Porta Senior Research Scientist EMC Research Europe Dr. Said Tabet Senior Technology Strategist Corporate CTO Office, EMC 1

More information

Software Asset Management (SWAM) Capability Description

Software Asset Management (SWAM) Capability Description Software Asset Management (SWAM) Capability Description Purpose Provides an organization visibility into the software installed and operating on their network(s) so they can appropriately manage authorized

More information

AUTHOR: REVISION BY: ADS Lead/Manager ESYS Windows OSA

AUTHOR: REVISION BY: ADS Lead/Manager ESYS Windows OSA INFORMATION RESOURCES APPLICATIONS AND DATA SERVICES PROCESS NAME: ADS Web Application Release Management ORIGINAL DOCUMENT DATE: 10/2/2014 AUTHOR: Jim Nelson PROCESS OWNERS: ADS Lead/Manager LAST REVISION:

More information

Cloud Security Who do you trust?

Cloud Security Who do you trust? Thought Leadership White Paper Cloud Computing Cloud Security Who do you trust? Nick Coleman, IBM Cloud Security Leader Martin Borrett, IBM Lead Security Architect 2 Cloud Security Who do you trust? Cloud

More information

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise

HP ENTERPRISE SECURITY. Protecting the Instant-On Enterprise HP ENTERPRISE SECURITY Protecting the Instant-On Enterprise HP SECURITY INTELLIGENCE AND RISK MANAGEMENT PLATFORM Advanced Protection Against Advanced Threats 360 Security Monitoring to Detect Incidents

More information

Big Data, Big Risk, Big Rewards. Hussein Syed

Big Data, Big Risk, Big Rewards. Hussein Syed Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data

More information

AUTOMATION. Tihomir Hrastovscak HP Software

AUTOMATION. Tihomir Hrastovscak HP Software HP CLOUD SERVICE AUTOMATION Tihomir Hrastovscak HP Software Presales consultant THE CLOUD ADVANTAGE What the business expects Encourages standard 68.5% systems Pay only for what 77.9% you use Easy/fast

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking

Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Sikkerhet Network Protector SDN app Geir Åge Leirvik HP Networking Agenda BYOD challenges A solution for BYOD Network Protector SDN matched with industry leading service How it works In summary BYOD challenges

More information

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam

More information

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY Antivirus Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Originator Recommended by Director

More information

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5

1 Introduction... 2 2 Product Description... 3 3 Strengths and Challenges... 5 4 Copyright... 5 KuppingerCole Report EXECUTIVE VIEW by Alexei Balaganski May 2015 is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform

More information

HP and netforensics Security Information Management solutions. Business blueprint

HP and netforensics Security Information Management solutions. Business blueprint HP and netforensics Security Information Management solutions Business blueprint Executive Summary Every day there are new destructive cyber-threats and vulnerabilities that may limit your organization

More information

Risk-Ops at Scale: Framework Operationalization to Address Business Risk

Risk-Ops at Scale: Framework Operationalization to Address Business Risk SESSION ID: GRC-T08 Risk-Ops at Scale: Framework Operationalization to Address Business Risk Eddie Block Chief Information Security Officer State of Texas @jurishacker Nancy Rainosek Statewide GRC Program

More information

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE Originator Patch Management Policy Approval and Version Control Approval Process: Position or Meeting Number: Date: Recommended by Director

More information

Cloud Virtualization Specialist Certification Self-Study Kit Bundle

Cloud Virtualization Specialist Certification Self-Study Kit Bundle Cloud Virtualization Specialist Certification Bundle A Certified Cloud Virtualization Specialist has proven knowledge and proficiency with the technologies, mechanisms, platforms, and practices based upon

More information

The future Cloud. Peter H. Moser, Jr. Manager, Portfolio Architects & Account CTOs

The future Cloud. Peter H. Moser, Jr. Manager, Portfolio Architects & Account CTOs The future Cloud Computing? Peter H. Moser, Jr. Manager, Portfolio Architects & Account CTOs 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without

More information

Improving Customer Communications by Proper Personalization

Improving Customer Communications by Proper Personalization Improving Customer Communications by Proper Personalization Paweł Walczak Commercial Account Manager for CEE HP Exstream March 13, 2015 The Customer is the most important. There is just one boss. The customer.

More information

How To Protect Your Mobile Device From Attack

How To Protect Your Mobile Device From Attack Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT ADDING NETWORK INTELLIGENCE INTRODUCTION Vulnerability management is crucial to network security. Not only are known vulnerabilities propagating dramatically, but so is their severity and complexity. Organizations

More information

Architecture & Experience

Architecture & Experience Architecture & Experience Data Mining - Combination from SAP HANA, R & Hadoop Markus Severin, Solution Principal Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

NATO Cyber Security Capabilities & Industry Opportunities Building on Solid Foundations. Ian J West Chief, Cyber Security

NATO Cyber Security Capabilities & Industry Opportunities Building on Solid Foundations. Ian J West Chief, Cyber Security 1 NATO Cyber Security Capabilities & Industry Opportunities Building on Solid Foundations Ian J West Chief, Cyber Security Ian.west@ncia.nato.int 2 NATO UNCLASSIFIED Cyber Security Service Line Ian West

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Storage Cloud Infrastructures

Storage Cloud Infrastructures Storage Cloud Infrastructures Detection and Mitigation of MITM Attacks Presenter: Jaqueline Carmilema CyberSecurity for the Next Generation South American Round, Quito 31 January 1 February, 2013 PAGE

More information

Overview TECHIS60241. Carry out risk assessment and management activities

Overview TECHIS60241. Carry out risk assessment and management activities Overview Information in all its forms is a vital component of the digital environment in which we live and work. The protection of information in its physical form is well understood but the protection

More information