BCS SAM and Info Sec - Intersections and Interactions
- Ann Wilson
- 7 years ago
Transcription
1 14 April 2016
BCS SAM and Info Sec - Intersections and Interactions
Using Configuration Management to provide a spotlight on Software Compliance and Information Security

2 Presenters
- Nick Waring, Senior Business Consultant, HPE Software Services. Nick is an experienced Configuration Management and Software Asset Management practitioner who works with customers across the Public and Private sectors.
- Matt Beavis, Solution Architect, HPE Software Services. Hands-on delivery consultant with global experience across Networks, Servers, Monitoring, Event Management, Incident Management and Configuration Management.

3 Topics we'll cover
Configuration Management:
- Business Challenges
- CMDB
- Value & Benefits
Information Security:
- 20 Critical Cyber Controls
- Configuration Management Response
Software Asset Management:
- Software Inventory vs Configuration Management
- Configuration Management Value

4 Business Challenges for Configuration Management
- Which systems & software assets do I have in my estate, and what services do they support?
- Is my DR capability in line with the Live service?
- We need to reduce outages with more accurate Change impact assessment and change verification.
- We need to know which critical business services are impacted and fix the most important problems faster.
- I need to save costs on software and hardware, and stay compliant.
[Diagram labels: Critical services; IT infrastructure; Cost savings; data driven]

5 Configuration Management System
CMDB: The heart of the Configuration Management System
[Diagram labels: CMDB, Single Version of Truth; Event; Incident, Change, Problem & Request; Integrate / Federate; Discover; Normalize, Enrich, Reconcile; Service / System Modeling; Enable Asset Management; Project and Portfolio Management; IT Environment; Standardization, Change Control, and Business Continuity; IT service / application that relies on IT data; Business Functions (e.g. Security & Architecture)]

6 Information Security: The Critical Security Controls for Effective Cyber Defence
Critical Controls (Center for Internet Security):
- 1 Inventory of Authorized and Unauthorized Devices
- 2 Inventory of Authorized and Unauthorized Software
- 3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- 4 Continuous Vulnerability Assessment and Remediation
- 5 Malware Defences
- 6 Application Software Security
- 7 Wireless Access Control
- 8 Data Recovery Capability
- 9 Security Skills Assessment and Appropriate Training to Fill Gaps
- 10 Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
- 11 Limitation and Control of Network Ports, Protocols, and Services
- 12 Controlled Use of Administrative Privileges
- 13 Boundary Defence
- 14 Maintenance, Monitoring, and Analysis of Audit Logs
- 15 Controlled Access Based on the Need to Know
- 16 Account Monitoring and Control
- 17 Data Protection
- 18 Incident Response and Management
- 19 Secure Network Engineering
- 20 Penetration Tests and Red Team Exercises

7 Information Security: The Critical Security Controls for Effective Cyber Defence
- 1 Inventory of Authorized and Unauthorized Devices: Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorised devices are given access, and unauthorised and unmanaged devices are found and prevented from gaining access.
- 2 Inventory of Authorized and Unauthorized Software: Actively manage (inventory, track, and correct) all software on the network so that only authorised software is installed and can execute, and that unauthorised and unmanaged software is found and prevented from installation or execution.
- 3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers: Establish, implement and actively manage the security configuration of laptops, servers and workstations using a rigorous configuration management and change control process in order to prevent attackers from exploiting vulnerable services and settings.
- 4 Continuous Vulnerability Assessment and Remediation: Continuously acquire, assess and take action on new information in order to identify vulnerabilities, remediate and minimise the window of opportunity for attackers.
- 6 Application Software Security: Manage the security lifecycle of all in-house developed and acquired software in order to prevent, detect and correct security weaknesses.
Center for Internet Security

8 Configuration Management Value
Critical Controls and the Configuration Management Response:
1 Inventory of Authorized and Unauthorized Devices
- Detection of new devices being connected to the network.
- Regular discovery of device configuration.
- Identify un-authorised devices.
2 Inventory of Authorized and Unauthorized Software
- Detection of new software on your devices
- Software Details and Software Usage
- Identify un-authorised software installation
3 Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
- Detection of hardware and software changes in your estate
- Identify unauthorised changes and security risks
4 Continuous Vulnerability Assessment and Remediation
- Regular discovery of your estate
- Identify location of new/existing vulnerabilities
- Intelligent vulnerability detection
- Track remediation work.
6 Application Software Security
- Regular discovery of your estate
- Identify location of susceptible software versions
- Intelligent vulnerability detection
- Track remediation work.

9 Software Asset Management & Configuration Management
Is an asset a configuration item? Is a configuration item an asset?
Configuration Management:
- Lifespan: Whilst in Operational use
- Stewardship: Who is responsible for managing it
- Relationship: To other CIs and services
- Risk: What is the role / importance of the item in the production environment
- Financial: Opex
- Performance: Availability, performance, and contribution to other service-level objectives
Software Asset Management:
- Lifespan: Request to Disposal
- Ownership: Who owns it
- Relationship: To contracts & support agreements
- Risk: Legal and commercial compliance
- Financial: Depreciation & Capital Assets
- Performance: Vendor performance during contract period
In the case where an IT component is important to delivering an IT service, you must manage it and also track ownership, value, and access; it is both an asset and a configuration item.
So why do organisations think of, discover and manage assets and CIs separately, especially when they refer to the same IT components?

10 Configuration Management System & SAM
Let's look again at the CMDB & Configuration Management System
[Diagram labels: Event; Incident, Change, Problem & Request; Integrate / Federate; Normalize, Enrich, Reconcile; Enable Software Asset Management; Discover; Service / System Modeling; Project and Portfolio Management; IT Environment; Business Functions & IT services that depend on data]

11 Value of Configuration Management to SAM
Improved decision making through better data.
- SAM inventory data enriched with multiple sources of data
- Modelled Systems inform SAM which business applications software is supporting
- Defined business owners of applications / systems support cross charging and TCO analysis
- Ability to consider "what if" scenarios using Impact Assessment use cases

12 Closing Thoughts
Configuration Management principles
- Authoritative: The Single Version of the Truth
- Trusted: Automatic discovery improves data quality
- Efficient: Collect Once, re-use many times
- Relevant: Only store what is needed
- With Context: Apply business context to IT data
- Accessible: Easily accessed to encourage adoption
- Compliant: Providing governance and oversight to the configuration of Live Services
- Consumed: Used across a broad range of processes, capabilities and teams

14 Configuration Management value:
- Authoritative, trusted data to support business decision making
- Reduced business and operational risks by having end-to-end impact assessment
- Improved service delivery by using data dependency and modeling capabilities
- Enhanced Change, Asset and availability management
- Faster service discovery and modeling
- Improved service quality and data accuracy

15 Typical CMS use cases and process enablement
- Service modeling and application mapping
- Governance / Compliance / Standardization
- Incident resolution
- Change impact analysis
- Software license management
- Change control, unplanned changes
- Hardware Asset Management
- Service impact analysis (event management)
[Diagram labels: Processes; SACM; CLIP]

16 The Benefits of Configuration Management System
Understand Change Impact
- Understand the impact of an infrastructure change on your business services.
- Is this change critical?
- Which services might be impacted?
Avoid Service Disruptions
- Learn what might be the reason for a service disruption.
- Disruptions usually occur due to change.
- Which configuration changes might have caused disruption?
Authorize changes wisely
- Plan your changes based on accurate maps.
- Don't just assume things are out there.
- Drill from services to infrastructure including networks and storage.
Transparency and close loop
- Share data among your processes.
- Use the same service definitions for all your processes including change and monitoring.
More informationControl Costs with a 4-Speed SACM Transmission
WHITE PAPER: Control Costs with a 4-Speed SACM Transmission Brent J. Knipfer Director ITSM Product Management CompuCom May 2012 Executive Summary IT executives are clamoring for more control over the physical
More informationAutomated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER
Automated IT Asset Management Maximize organizational value using BMC Track-It! WHITE PAPER CONTENTS ADAPTING TO THE CONSTANTLY CHANGING ENVIRONMENT....................... 1 THE FOUR KEY BENEFITS OF AUTOMATION..................................
More informationAwell-designed configuration management
Designing a CMDB that also functions as an asset management repository requires broader definitions of the configuration items included in a traditional CMDB. Follow these s to successfully scope and manage
More informationEvaluation Report. Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review. April 30, 2014 Report Number 14-12
Evaluation Report Weaknesses Identified During the FY 2013 Federal Information Security Management Act Review April 30, 2014 Report Number 14-12 U.S. Small Business Administration Office of Inspector General
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationINFORMATION TECHNOLOGY ENGINEER V
1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County
More informationCover Page. Title Configuration Management Database. Category Enterprise IT Management Initiatives
Cover Page Title Configuration Management Database Category Enterprise IT Management Initiatives Contact Dale Richardson, Director Data Center Services Department of Information resources Dale.Richardson@dir.texas.gov
More informationGoals. Understanding security testing
Getting The Most Value From Your Next Network Penetration Test Jerald Dawkins, Ph.D. True Digital Security p. o. b o x 3 5 6 2 3 t u l s a, O K 7 4 1 5 3 p. 8 6 6. 4 3 0. 2 5 9 5 f. 8 7 7. 7 2 0. 4 0 3
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationEverything You Wanted to Know about DISA STIGs but were Afraid to Ask
Everything You Wanted to Know about DISA STIGs but were Afraid to Ask An EiQ Networks White Paper 2015 EiQ Networks, Inc. All Rights Reserved. EiQ, the EiQ logo, the SOCVue logo, SecureVue, ThreatVue,
More informationCybersecurity Health Check At A Glance
This cybersecurity health check provides a quick view of compliance gaps and is not intended to replace a professional HIPAA Security Risk Analysis. Failing to have more than five security measures not
More informationInformation Shield Solution Matrix for CIP Security Standards
Information Shield Solution Matrix for CIP Security Standards The following table illustrates how specific topic categories within ISO 27002 map to the cyber security requirements of the Mandatory Reliability
More informationCMDB Essential to Service Management Strategy. All rights reserved 2007
CMDB: Essential to the Service Management strategy Business Proposition: This white paper describes how the CMDB is an essential component of the IT Service Management Strategy, and why the FrontRange
More informationdeveloping your potential Cyber Security Training
developing your potential Cyber Security Training The benefits of cyber security awareness The cost of a single cyber security incident can easily reach six-figure sums and any damage or loss to a company
More informationConfiguration Management Why we should care! Anne-Rose Suriel Senior Systems Engineer
Configuration Management Why we should care! Anne-Rose Suriel Senior Systems Engineer Agenda 1. Introduction to Configuration Management 2. Importance of Configuration Management 3. Should we care? 4.
More informationINTOSAI EDP COMMITTEE PERFORMANCE AUDIT SEMINAR, SLOVENIA 14-16 MAY 2001 COUNTRY PAPER OF THE OFFICE OF THE AUDITOR-GENERAL: REPUBLIC OF SOUTH AFRICA
INTOSAI EDP COMMITTEE PERFORMANCE AUDIT SEMINAR, SLOVENIA 14-16 MAY 2001 COUNTRY PAPER OF THE OFFICE OF THE AUDITOR-GENERAL: REPUBLIC OF SOUTH AFRICA AUDITING IN A NETWORKED PUBLIC SECTOR Prepared by:
More informationNOS for Network Support (903)
NOS for Network Support (903) November 2014 V1.1 NOS Reference ESKITP903301 ESKITP903401 ESKITP903501 ESKITP903601 NOS Title Assist with Installation, Implementation and Handover of Network Infrastructure
More information