Security Information Management Programs: Lessons Learned and Best Practices Revealed

JUSTIN SOMAINI AND ALAN HAZLETON

PRIVACY & DATA SECURITY LAW JOURNAL

This article introduces the often overlooked aspects of an end-to-end, organizational implementation approach or program for an effective information security management system.

Justin Somaini, Chief Information Security Officer for Symantec Corporation, leads its Information Security group, which is responsible for information security governance and risk management, privacy, and threat response. Most recently, he was the Director of Information Security at VeriSign, Inc., where he was responsible for all aspects of information security. Alan Hazleton, a Senior Advisor with TPI, has extensive expertise in helping clients with the full sourcing life cycle; reviewing strategic alternatives and priorities; structuring contracts; and implementing third-party service provider solutions. Mr. Hazleton has a particular focus on assessing existing application development and maintenance organizations as well as information security management organizations and assisting with initial implementation and long-term operational management. Mr. Hazleton can be reached at alan.hazleton@tpi.net.

The relationship between technology advancements and business threats can be traced back to the evolution of piracy and the early days of maritime commerce on the Mediterranean Sea. Starting sometime around 500 B.C., early adopter Greek pirates leveraged technology advancements in the form of faster, shallow-bottomed vessels (triremes) and successfully attacked shipping lanes in the Mediterranean by escaping from larger vessels into shallow waters. Later, Northern European Vikings employed fast, shallow-bottomed vessels (longships) to traverse inland waterways to attack villages with dual-edged axes and swords. Pirates continued to leverage technology throughout history, right up to today's digital age, where piracy can be found in the illegal duplication and distribution of copyrighted content on the Internet.

The progression from the pillaging of the ancient Vikings to today's digital pirates illustrates that as technology matures and helps to provide more strategic business opportunities, the threats to an enterprise can also increase. Threats emanate from many different origins including competitors, organized crime, climatic elements, political unrest, as well as technology-savvy individuals connected to an ever-increasing global network of online communities. Even if a business does not have a global base of operations, it faces a vast array of technology-driven threats from all over the world.

Defining the threats facing an enterprise is as critical as defining opportunities for revenue expansion. Of course, establishing preventive measures against threats is the end-state goal. A threat must be defined in order to develop an adequate defense.

THE ISO STANDARD

One of the most widely adopted industry best practices for security management is the ISO/IEC standard published by the International Standards Organization ("ISO"). This standard, based on the earlier standard ISO 17799, defines in detail the concept of an information security management system ("ISMS"). ISO/IEC is designed to assist organizations with implementation of a continuously improving system of security controls.

In order for commercial enterprises to protect the integrity of information critical to the longevity of their business, they must implement a comprehensive, measurable, continuously improving, and proactive ISMS. These programs should be based on best practices and, most important, must be designed to provide a consistent feedback mechanism for not only critical alerts but also continuous improvement. This article introduces the often overlooked aspects of an end-to-end, organizational implementation approach or program for an effective ISMS.

In response to the increasing level of technology-based threats to businesses, governments, and individual consumers, a wide variety of legislative policies have been designed and enacted to influence businesses to address security threats or face significant financial penalties. Through increasingly prescriptive information security and privacy legislation, executive management teams and corporate directors not only face the threat of losing revenue, stockholders' equity, brand equity, intellectual property, and customers, but also risk personal loss of freedom from legislative accountability. Establishing an effective information security management program ("ISMP") has become one of the most important objectives of any corporate strategy.

THE PDCA MODEL

The adoption of the Plan-Do-Check-Act ("PDCA") model,[1] which is applied to structure all ISMS processes, is critical to implementing an ISMP. Unfortunately, a large number of security programs today are operating in more of a Plan-Do-React ("PDR") model because they are inadequately addressing critical components of the ISMS. Several reasons underpin the challenges of PDCA and the overall lack of process maturity in the security industry today; however, it is not due to lack of standards defined in the ISO/IEC.

There are many variables that can impact the creation of an effective ISMP. Without a clear understanding of the inputs necessary to create the ISMP strategy, an information security team will experience difficulty in developing and tailoring a cogent and effective strategy that incorporates a company's unique requirements and helps the business achieve its goals. In addition, without a clear definition of success or the end-state goals of the program, it is very difficult to develop a relevant ISMS strategy. Here we outline common pitfalls, misconceptions, and challenges associated with ISMP design.

Lesson One: ISMSs Do Not Typically Fail Due To Difficulty Understanding or Implementing Technology

Let's take an example from the application development world. Many application development projects fail to meet customer expectations, not because of an inability to conquer technology issues, but more frequently due to a lack of process adherence (e.g., institutionalized systems development life cycles). Comparatively, technology is typically not the most important concern in implementing a successful ISMP. A significant percentage of ISMP challenges stem from individuals failing to adopt new policies or consistently follow established policies rather than from technology issues. For example, configuring a firewall is not seen as difficult from a technology perspective; however, ensuring that firewall rule sets are standardized, current, and implemented consistently is more difficult.

Lesson Two: Comprehensive Security Policy Is But One of the Key Building Blocks to an Effective ISMS

As any information security organization adopts new or revised processes or policies, there is typically a challenge with alignment to existing organizational processes or policies in addition to the organizational structure, roles, and responsibilities. Formalized and properly communicated security policies, procedures, and standards (policy) are critical to an effective ISMP implementation. Although critical, the existence of a formal security policy does not necessarily create a more secure environment or higher level of protection. Historically, it's been difficult to correlate policy maturity with a measurable level of enterprise security protection.

A key challenge related to implementing security policies is how they are communicated, distributed, and made readily available. More important, what critical measures are established by an information security team to provide feedback regarding the level of awareness of the target user community? The institutionalization of policy is definitely one of the most challenging goals of enterprise information security organizations. Since a large percentage of security breaches are ultimately traced back to lack of adherence to policy, the environment fostered by an information security team is the single most important factor in securing an enterprise.

Lesson Three: To Successfully Design an ISMP, the Information Security Team Must Thoroughly Understand the Employee and Management Team's Opinions, Attitudes, and History With Respect to Enterprise Information Security

In the next piece of this series, the process of conducting a gap analysis including an organizational assessment is discussed in detail. Discovering the level of awareness, past experience with security, industry and corporate culture characteristics, and other important factors is critical to success. Examples of processes that must be thoroughly understood as input to the ISMP strategy include human resource management, project management, learning management, cultural empowerment, succession planning, performance evaluation, and incentive compensation.

In order to develop a predictable and achievable strategy for a successful ISMP, a deep understanding of the current process environment is also critical. Even though technology is not the top concern in implementing a successful ISMP, the current state of other key operational processes must be understood to effectively tailor the strategy development process.

Lesson Four: To Successfully Design an ISMP, the Information Security Team Must Thoroughly Understand the Current State of Operational Processes and Tools for IT Infrastructure and Application Development

The discovery of the level of process maturity in other areas of information technology management through an operational assessment is also critical for success. Examples of processes that must be thoroughly understood as input to the ISMP strategy include service level management, incident management, problem management, event management, defect tracking, and root cause analysis.

The following phases of an ISMP implementation have been identified as critical to the implementation of an effective ISMS:

Phase 1: Assessment and Strategy
Phase 2: Triage and Tactical Initiatives
Phase 3: Metrics and Awareness
Phase 4: Technical and Process Maturity
Phase 5: Assessment and Validation
Phase 6: Strategic Initiatives

In order to successfully complete the phases listed above, the information security team must develop a thorough understanding of where the current environment stands from a process maturity perspective as well as the work in process and planned work to increase the maturity level over the next several years. Another consideration often overlooked is the short-term and long-term strategy of where the business is evolving from a product, market, sourcing, or competitive perspective. All of these factors should influence the development of the ISMP.

Focusing on organizational readiness, policies, procedures, processes, standards, and data integration will provide insight to IT executives, information security professionals, and other interested parties on the most critical areas to address when designing and implementing an effective information security program.

CONCLUSION

Technology-driven security threats are global in nature, and executive teams need to be savvy and take measures to ensure their business interests are adequately protected. Deploying an effective information security management program ("ISMP") should be considered a cornerstone of an overall corporate strategy.

NOTE

[1] BS ISO/IEC 27001:2005, Information Security Information Security Management Systems Requirements, International Standards Organization,
Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR 29 2013 Sempra Energy s gas and electric utilities collaborate with industry leaders and a wide range of
More informationINFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT 11852-08.2004 OVERVIEW
GENERAL OVERVIEW NAT 11852-08.2004 SEGMENT FORMAT PRODUCT ID INFORMATION MANAGEMENT STRATEGIC FRAMEWORK In the context of the Information Management Strategic Framework, information is defined as: information
More informationCertifying Information Security Management Systems
Certifying Information Security Management Systems Certifying Information Security Management Systems by Fiona Pattinson CISSP, CSDP July 2007 A brief discussion of the role of an information security
More informationDetermining Best Fit. for ITIL Implementations
Determining Best Fit for ITIL Implementations Michael Harris President David Consulting Group Agenda Why ITIL? The Evolution of IT Metrics Towards the Business What do businesses need from IT Introduction
More informationVENDOR MANAGEMENT. General Overview
VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor
More informationVERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK
HANDBOOK VERISIGN DDoS PROTECTION SERVICES CUSTOMER HANDBOOK CONSIDERATIONS FOR SERVICE ADOPTION Version 1.0 July 2014 VerisignInc.com CONTENTS 1. WHAT IS A DDOS PROTECTION SERVICE? 3 2. HOW CAN VERISIGN
More informationIBM Global Business Services White Paper. Insurance billing and payment transformation Why now?
IBM Global Business Services White Paper Insurance billing and payment transformation Why now? 2 Insurance billing and payment transformation Why now? IBM Global Business Services 3 Introduction Customer
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationSecurity in the Cloud: Visibility & Control of your Cloud Service Providers
Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,
More informationCorporate Incident Response. Why You Can t Afford to Ignore It
Corporate Incident Response Why You Can t Afford to Ignore It Whether your company needs to comply with new legislation, defend against financial loss, protect its corporate reputation or a combination
More informationSITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre
SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service
More informationSecureVue Product Brochure
SecureVue unifies next-generation SIEM, security configuration auditing, compliance automation and contextual forensic analysis into a single platform, delivering situational awareness, operational efficiency
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationSYMANTEC MANAGED SECURITY SERVICES. Superior information security delivered with exceptional value.
SYMANTEC MANAGED SECURITY SERVICES Superior information security delivered with exceptional value. A strong security posture starts with a smart business decision. In today s complex enterprise environments,
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationNATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationItaly. EY s Global Information Security Survey 2013
Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information
More informationEstablishing a Mature Identity and Access Management Program for a Financial Services Provider
Customer Success Stories TEKsystems Global Services Establishing a Mature Identity and Access Management Program for a Financial Services Provider FINANCIAL SERVICES NETWORK INFRASTRUCTURE SERVICES INFORMATION
More informationCustomer Service Analytics: A New Strategy for Customer-centric Enterprises. A Verint Systems White Paper
Customer Service Analytics: A New Strategy for Customer-centric Enterprises A Verint Systems White Paper Table of Contents The Quest for Affordable, Superior Customer Service.....................................
More informationIBM and the IT Infrastructure Library.
IBM Global Services September 2004 IBM and the IT Infrastructure Library. How IBM supports ITIL and provides ITIL-based capabilities and solutions Page No. 2 Contents ITIL Planning for Service 2 Executive
More informationDefending against modern cyber threats
Defending against modern cyber threats Protecting Critical Assets October 2011 Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Agenda 1. The seriousness of today s situation
More informationIT Compliance Volume II
The Essentials Series IT Compliance Volume II sponsored by by Rebecca Herold Security Products Must Be Secure by Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI April 2007 Software Vulnerabilities in the
More informationFaculdade de Direito, Lisboa, 02-Jul-2014. The Competitive Advantage of Cybersecurity
Faculdade de Direito, Lisboa, 02-Jul-2014 The Competitive Advantage of Cybersecurity Thales Key highlights (I) A global company with 65,000 employees and 14,2 billion in revenues, R&D 2,5 billion * We
More information