SCAN. Associates Berhad.

Transcription

1 Associates Berhad.

2 Talking points 1. Genesis 2. Products & services 3. Support 4. Strengthsth 5. Lessons 2

3 Genesis 1. Originated from University s R&D group on Infosec Government funded d 3. Very niche network security & applications of cryptography 3

4 .../Chronology 4. Only half the students passed 5. Found out they were very active hackers members of world underground 6. Worked mostly at night 4

5 /Chronology was booming IT time 8. Many organizations had very poor security 9. Many servers were defaced 5

6 /Chronology 10. Did everything FOC, useful learning process 11. The favorite reference on restoring servers and guarding networks time to get dispersed d OR stick together 6

7 /Chronology 13. Handicapped on corporate issues 14.Seemed very popular in public sector rhad. N Associates Ber 7

8 /Chronology 13. Incorporated in International Listed 2006 market capitalization ~200Million (Ringgit) 8

9 Products and services 1. Craft client needs, heavy customization 2. Initially i very much a Security boutique 3. Diversified although remaining niche in the area 9

10 Certification Focus on Quality and Capabilities Development to remain a world class company MSC Status Company ISO/IEC Certified ISO 9001 Certified CMMI Level 3, Software Engineering Institute, Carnegie-Mellon USA Awarded various recognitions 1 Track Records and Credentials 5

11 Associates Berhad.

12 Support & partners 1. Government 2. Financial 3. International partners a) Individualsid b) organizations 4. Universities/Research institutes 12

13 Strength & branding 1. Vendor independent 2. Emphasizes indigenousness (initially) i i 3. Professional certifications & continuous learning. 4. Continuous R&D 13

14 /Strength g & branding 5. Take pride in our specialty 6. Emphasizes TRUST 7. Recognized internationally rhad. N Associates Ber 14

15 Professional Certification No Professional Certification No GIAC Certified Incident Handler (SANS) 2 Redhat Certified Engineer (Redhat) 6 GIAC Security Essentials Certification (SANS) 1 Certified Ethical Hacker CEH (EC Council) 10 SAN SEC508 SECURITY 508 : System 2 Open Source Wireless Professional OSWiP 1 Forensics, Investigation & Response (SANS) (ThinkSecure) BS7799 2:2002 Lead Auditor (BSI) 2 Sensecurity Institute Security Practioner SISP (Sensecurity Institute) 3 BS7799 2:2002 Lead Implementor (BSI) 4 Microsoft Certified System Engineer MCSE 1 ISMS Provisioned Auditor (IRCA) 2 Microsoft Certified Professional MCP 1 ISTQB Certified Tester 1 Microsoft Certified System Administrator MCSA 1 QMS Lead Auditor 3 Business Continuity Planner 3 CISSP (ISC2) 14 PRINCE 2 Certified Practitioner 1 CISA (ISACA) 2 ITIL Certified Practitioner 2 CISM (ISACA) 3 Project Management Professional (PMI) 2 Opensource Professional SecurtyTester 1 Payment Card Industry Qualified Security 2 (ISECOM) Assessor (PCI QSA)

16 Associates Berhad.

17 Associates Berhad.

18 Associates Berhad.

19 Major Track Records MALAYSIA Bank Negara Malaysia Developed epki solution for Bank Negara Malaysia and ALL the banks in Malaysia epki used to secure ALL Electronic Funds Transactions (RENTAS) and Cheque Clearing System Protecting billions of ringgit i per day! SCAN Security Operations Centre (SOC) EPF, Great Eastern, UiTM, CGC (Selected List) Currently, developing Internal SOC for Celcom Security Consultancy Most of the Government Agencies, Banks and major Telco s Most of the technical staff vetted under Tapisan Halus or Kasar for sensitive government projects 1 Track Records and Credentials 10

20 Major Track Records MALAYSIA PRISMA (Pemantauan Rangkaian ICT Sector Awam Malysia) Developed and operates Malaysia Government Security Operation Centre (SOC) named PRISMA with MAMPU since X 7 X 365 Operations 50 Dedicated staff operates the center until now 177 Agencies under PRISMA Monitoring 4.5 Billions Events processed since 2004 Developed the solution using Open Source and COTS product. 7 1 Track Records and Credentials

21 Major Track Records INDONESIA Operates 3 SOCs in Indonesia Major Banks (CIMB Niaga, Danamon) Internal SOC Indosat Mandiri Bank ID SIRTII (Indonesia Security Incident Response Team on Internet Infrastructure) Developed Internet Security Monitoring Centre and Forensic Labs Major Government Agencies POLRI, BNPB Major Telcos 1 Track Records and Credentials 11

22 Major Track Records Middle East Saudi Arabia SCAN MEA. JVCO (49%) Operates 1 SOC for major bank Communications and IT Commission (CITC) Developed National Computer Emergency Response Team for Saudi Arabia Forensic Labs Security Consultancy Saudi Arabia (Jeddah and Riyadh) UAE (Dubai and Abu Dhabi) Sudan, Syria Qatar (Al Jazeera)

23 Development of Standards and Guidelines Government of Malaysia Malaysian Public Sector Management of Information & Communications Technology Security Handbook (MyMIS) Malaysian Public Sector ICT Risk Assessment Methodology (MyRAM) ICT Security Handbook for Saudi Arabia International Standard Organisation (ISO) ISO/IEC JTC 1/SC27 WG1 Working members for ISO/IEC NP Information Technology Deployment and operation of Intrusion Detection System Working members for ISO/IEC NP Guidelines for Information and communication technology disaster recovery services

24 Speaker and trainer for various conference Speaker of Blackhat Security Conference Asia (Singapore) Speaker of RuxCon Security Conference 2004 (Australia) Speaker of XCon Security Conference 2004 (Beijing, China) Speaker of HITB Security Conference 2004 (Malaysia) Speaker of SyScAN 2004 (Singapore) Microsoft Security Conference 2005 (Malaysia) Bellua Cyber Security Asia 2005 E-Secure Conference 2005 (Malaysia) Committee for SyScan 06 CFP Committee for VNSec 07 CFP Trainer at Blackhat Europe and USA Trainer at Hack in the Box Malaysia

25 Awards and Recognition Distinguished Senior IT Security Professional Award for Asia- Pacific from ISC2 USA Frost and Sullivan: Managed Security Service Provider for 2006 and 2007 Cyber Security Malaysia: 2009 Information Security Service Provider of the Year Prof Dato Dr Norbik Innovative Entrepreneur of the Year from Malaysian Malay Chamber of Commerce Ernst & Young final nominees ICT Enterpreneur Track Records and Credentials 6

26 Clients Associates Berhad.

27 Current position 1. HQ in Malaysia, ~200 staff, ~65 certified professionals 2. Offices/partnerships in: a) ASEAN b) Middle east c) Korea 27

28 Lessons 1. Technopreneurs and start ups lack corporate knowledge 2. Innovation is critical ii in all business components. 3. Must learn fast and emulate. 4. Quality is critical 5. Continuous improvement is survival 28

29 THANK YOU 29 Associates Berhad.