Security operations center (SOC) globalization
|
|
- Grace McCarthy
- 8 years ago
- Views:
Transcription
1 Security operations center (SOC) globalization Important factors to consider when centralizing security services and monitoring environment for your organization kpmg.com
2 b Security operations center globalization
3 Security operations center globalization 1 Introduction Companies with a global footprint are increasingly shifting towards centralizing their security operation center and security monitoring functions within a single locale or office. There are obvious benefits that make this model appealing to organizations. First, long-term operational and capital costs are reduced since only one instance of the toolset needs to be purchased and one team of individuals trained. In a decentralized organizational model, any change to security processes or toolsets will need to be effectively communicated to each of the regional teams. Aggregating these functions helps ensure that business processes performed by this central team are repeatable and performed in a consistent manner across the enterprise. Additionally, the quality of work relies heavily upon the skill of the team performing them, and staffing redundancies are almost inevitable. The centralized model keeps the security function running leaner and more efficiently, as management will have a firmer grasp on actual staffing needs for the company holistically as opposed to per location. As attractive as the benefits are, this does not mean that implementing a global security operations center is without its share of pitfalls. There are many factors that organizations do not typically consider, which typically equate to an overrun in budget, time estimations, or failure to meet project objectives. This white paper is designed to highlight many of the hurdles companies have faced when undertaking a globalization or centralization effort of their security operations center.
4 2 Security operations center globalization Common functions for a global security operations center (GSOC) The foundation to building out a GSOC is to determine what security functions will be performed out of the GSOC as opposed to the local office teams. At a minimum, most organizations consider the use of the GSOC for all security monitoring and log management functions. This includes the review of logs and alerts from the corporate Intrusion Prevention System (IPS), Security Information and Event Management (SIEM) system, or anti-virus installations to name a few. As a natural product of this, incident response teams may operate out of the GSOC as well. Assuming the company s log management processes are at a high maturity level, this allows advanced incident responders to gain rapid access to any security logs that may be needed for an investigation or response effort. Incident response is also a shining example of a process that needs to be performed in a consistent manner, which is why it is a prime candidate for centralization. An organization must also be aware of its core competencies, and schedule for availability in order to determine if any functions that can be outsourced to managed security service providers (MSSP) where internal coverage is lacking. For example, many mid-sized or smaller companies find it difficult to establish a 24/7 security operations center and staff it appropriately to manage this function. MSSPs provide services that allow an organization to outsource the security monitoring function, and to some degree the response to an incident, when internal staff lacks the necessary skill set, or staff availability is a challenge. For organizations with the right skill set but lack of off-hours staff availability, a hybrid approach may work best. This allows the organization s resources to be at the switch during the normal work day, with a transition to the MSSP for off-hours monitoring. Finally, global companies with the right skill set and geographic locations may also consider a follow-the-sun model to ensure 24/7 coverage using only internal resources. The answer to the question of having the right outsourcing approach will be based on location, coverage requirements of the program, and staff skill and availability. Rebuilding after the war Once a GSOC consolidation effort announcement is communicated throughout the organization, there will come the inevitable power struggle between the various IT and security teams to stake their respective claims for control. The war will be fought on two fronts, one to control the geographic placement of the new GSOC, and the other to take responsibility for each of the operational processes and corresponding toolsets. The geographic placement discussion may be an easy discussion if there is already a central business/technology hub or if senior management had already predefined its location. Along those same lines, companies often find that years of decentralization ultimately lead to silos of disparate and dissimilar practices across the organization, and different locations or business units can have different requirements for their security program and its objectives. This means that the new team will need to pick and choose what practices and tools work best in a global scale, as well as publish new guidance surrounding the company-wide security model. Additionally, there will almost certainly be pushback from the remote teams that are in the most danger of losing either their jobs or their control in the organization. Senior management will need to be active in communicating the centralization effort, which is one of the best ways to garner the most active support for the project. The tone should be set at the highest levels of IT, with a messaging containing all the potential benefits this effort can provide, as well as reinforcing that this is a project with the steadfast support of the company.
5 The war will be fought on two fronts, one to control the geographic placement of the new GSOC, and the other to take responsibility for each of the operational processes and corresponding toolsets. Security operations center globalization 3
6 4 Security operations center globalization The people and technology pieces of the puzzle are not mutually exclusive. Know your role Centralizing incident response efforts can pose significant challenges in the way local IT teams interact with the Security and Incident Response teams. While the response team may be located in a single geographic location, the different IT teams may be scattered across multiple geographic regions and cities. Investigation of an incident will require participation from multiple cross-functional teams, many of which the Incident Response team may not be familiar with. Direct involvement will be based largely on their familiarity with the compromised asset, which makes geographic location and role within IT primary factors. The fact that the cast of characters may differ widely depending on the specifics of an incident only highlights the need for thorough tabletop testing exercises. In a large environment, the individual creating the testing scenarios needs to determine whether a server compromised in Chicago will involve the same personnel should the same thing happen in New York or London or Tokyo. If the answer is a yes, that scenario will need to be tested twice with each of the different or geographically dispersed teams. In conjunction with testing, specific service level agreements (SLAs) should be made to define exactly what services IT teams need to perform in the event of a response effort, and in what time frame. This is important given the likelihood of the response teams and technical owners never meeting in person, and thus not being able to relay the urgency in the requests. Top-level management support, a solid incident response plan and process, and testing are key to ensuring success during incident response in a centralized incident response/dispersed support model. Tool scalability Now that the teams and tools have been selected and policies approved, the next step is to pressure test the tools to verify they can perform under a global context. Monitoring tools, such as SIEM or intrusion detection systems (IDS), are especially susceptible to being underpowered once companies begin feeding it their complete log set or additional sources that were not considered in the initial regional or local design. Additional sensors for both solutions will need to be procured to provide complete coverage in the environment. Also, the central collection engines may need to be upgraded based upon the increase in log traffic. Baseline testing should be performed in order to determine what SIEM or log management solution would be best suited to handle the increase in logs. Storage for these logs and events may also need to be increased in order to achieve desired data retention rates. The people and technology pieces of the puzzle are not mutually exclusive. With the new global reach of the SOC, more events will inevitably fire from both the IDS and SIEM systems. Policies should be in place to triage these alerts, and adequate headcount should be allocated to respond to any critical events in a timely manner.
7 Security operations center globalization 5 International regulatory and nation-state considerations Regulations governing cross-border transfer of private information, even within the same organization, may need to go through risk management and may take a significant amount of time to complete. For instance, the European Data Privacy Directive states that no transfer of personal data may be sent outside of the European Union unless certain conditions are met. These conditions can range anywhere from companies applying for Safe Harbor status, to having each of their European employees sign explicit agreements allowing their employer to transit their information outside of the European Union. Even when privacy initiatives or regulations do not exist in certain countries in which the company does business, the organization must ensure that adequate risk management practices are followed in the transfer of data in and out of these countries as well as the protection of log and security data while in storage. The privacy of data cannot be ensured in all nations and depends greatly on the nation s local and governmental practices and ability to request and receive data from non-nation state-owned organizations. Many organizations may choose to eliminate certain geographic locations from the globalization to bring the risk to an acceptable level. However, the lack of a global view of security data for the organization is also a risk that must be considered. While these issues may influence the overall geographic placement of the GSOC, consideration must be paid to this issue, and a sound decision based on risk needs to be made. Conclusion Globalization or centralization of a SOC, security monitoring, and response brings the benefits of having a global view of the current security events within the company while reducing costs and increasing efficiencies related to monitoring and response. And while this journey is not without its share of concerns and hurdles, they are not insurmountable with proper management support, risk management, and project planning. Finally, as part of overall project planning, success criteria, metrics, or key performance indicators (KPIs) should be created to track the overall success of the effort and corrective actions implemented as needed to ensure the overall success of this endeavor. KPMG provides an extensive set of services in this space related to current-state SOC assessment, strategy and planning, implementation, and future-state road map development. Our experience in this field allows KPMG to bring industry-leading practices to your organization to help you ensure your security monitoring and response function is protecting your organization from compromise or loss due to security incidents. Marketing After the people, process, and technology have been assembled, an effective marketing strategy is paramount to making your new GSOC a success. Stakeholders in all areas of the organization should be made aware of the types of services currently being provided by the GSOC, and what ad hoc services the GSOC is responsible for should the need arise. To help facilitate this, what many companies have found helpful is a one-page catalog of services along with brief descriptions of each. SLAs should also be defined such that organizations will know approximate turn-around times for each offering provided. This catalog not only provides a helpful reference guide detailing what can be expected of the GSOC, but also helps ensure that other groups within IT do not create redundant processes or implement technologies that are already in place.
8 The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG International ), a Swiss entity. All rights reserved. Printed in the U.S.A. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International. NDPPS
Top 5 reasons incident response is failing. kpmg.com
Top 5 reasons incident response is failing kpmg.com b Top 5 reasons incident response is failing Introduction The Incident Response function within an organization is responsible for assessing the integrity
More informationKPMG s Financial Management Practice. kpmg.com
KPMG s Financial Management Practice kpmg.com 1 KPMG s Financial Management Practice KPMG s Financial Management (FM) practice, within Advisory Management Consulting, supports the growing agenda and increased
More informationBuilding and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP
Building and Sustaining a Strong Organization Amid Challenge And Change KPMG LLP The Issue Today s market realities offer businesses little choice but to embrace change. Companies in almost every industry
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationScalability in Log Management
Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:
More informationYour incentive compensation plans have no borders.
Your incentive compensation plans have no borders. Why should your compliance processes? KPMG LINK Global Equity Tracker powered by KPMG LINK Work Force Take care of risks before take off Challenges of
More informationIT Transformation. Moving Beyond Service Management to a Strategic Business Role. August 2013. kpmg.com
IT Transformation Moving Beyond Service Management to a Strategic Business Role August 2013 kpmg.com KPMG surveyed over 275 attendees at ServiceNow s Knowledge13 conference, here is what we learned. Key
More informationEcom Infotech. Page 1 of 6
Ecom Infotech Page 1 of 6 Page 2 of 6 IBM Q Radar SIEM Intelligence 1. Security Intelligence and Compliance Analytics Organizations are exposed to a greater volume and variety of threats and compliance
More informationRunning the business of IT metrics that matter
INFORMATION TECHNOLOGY SERVICES Running the business of IT metrics that matter November 2014 kpmg.com Contents Introduction... 2 Do you have the right KPIs to run IT as a business?... 4 Data is not the
More informationSustainability reporting What you should know kpmg.com
SUSTAINABILITY Sustainability reporting What you should know kpmg.com b Sustainability reporting What you should know KPMG LLP (KPMG) defines corporate sustainability as adopting business strategies that
More informationADVISORY SERVICES. Risk management in an evolving world. Making the case for social media governance. kpmg.com
ADVISORY SERVICES Risk management in an evolving world Making the case for social media governance kpmg.com Risk management in an evolving world 3 Why good governance should be the foundation of your social
More informationTransforming Internal Audit: A Maturity Model from Data Analytics to Continuous Assurance
ADVISORY SERVICES Transforming Internal Audit: A Model from Data Analytics to Assurance kpmg.com Contents Executive summary 1 Making the journey 2 The value of identifying maturity levels 4 Internal audit
More informationDrive to the top. The journey, lessons, and standards of global business services. kpmg.com
Drive to the top The journey, lessons, and standards of global business services kpmg.com The new normal for global enterprises is about doing more with less while at the same time driving the top line
More informationBest Practices for Building a Security Operations Center
OPERATIONS SECURITY Best Practices for Building a Security Operations Center Diana Kelley and Ron Moritz If one cannot effectively manage the growing volume of security events flooding the enterprise,
More informationHow To Transform It Risk Management
The transformation of IT Risk Management kpmg.com The transformation of IT Risk Management The role of IT Risk Management Scope of IT risk management Examples of IT risk areas of focus How KPMG can help
More informationTrade Compliance Considerations. April 13, 2016
Trade Compliance Considerations April 13, 2016 Notice The following information is not intended to be written advice concerning one or more Federal tax matters subject to the requirements of section 10.37(a)(2)
More informationThe changing lens of information security kpmg.com
IT ADVISORY SERVICES The changing lens of information security kpmg.com 2 Section or Brochure name The changing lens of information security Enabling business via information protection programs Contents
More informationEffectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com
Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationYour incentive compensation plans have no borders. Why should your compliance processes? Powered by KPMG LINK Global Equity Tracker
Your incentive compensation plans have no borders. Why should your compliance processes? Powered by KPMG LINK Global Equity Tracker Take care of risks before take off Challenges of mobility Incentive compensation
More informationLeveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency. kpmg.com
Leveraging data analytics and continuous auditing processes for improved audit planning, effectiveness, and efficiency kpmg.com Leveraging data analytics and continuous auditing processes 1 Executive
More informationSIEM Implementation Approach Discussion. April 2012
SIEM Implementation Approach Discussion April 2012 Agenda What are we trying to solve? Summary Observations from the Security Assessments related to Logging & Monitoring Problem Statement Solution Conceptual
More informationSAP at Accenture The journey to high performance in the close process
SAP at Accenture The journey to high performance in the close process 2 Business challenge More than 10 years of rapid growth has propelled Accenture from 75,000 people and net revenues of $11.44 billion
More informationBusiness Case Outsourcing Information Security: The Benefits of a Managed Security Service
Business Case Outsourcing Information Security: The Benefits of a Managed Security Service seccuris.com (866) 644-8442 Contents Introduction... 3 Full- Time Experts vs. a Part- Time In- House Staff...
More informationTransforming risk management into a competitive advantage kpmg.com
INSURANCE RISK MANAGEMENT ADVISORY SOLUTIONS Transforming risk management into a competitive advantage kpmg.com 2 Transforming risk management into a competitive advantage Assessing risk. Building value.
More informationDeveloping a Free Credit Score Program. kpmg.com
Developing a Free Credit Score Program kpmg.com Developing a Free Credit Score Program 1 Introduction U.S. regulators, including the Consumer Financial Protection Bureau (CFPB), have begun urging lenders
More informationManaged Security Service Providers vs. SIEM Product Solutions
White Paper The Business Case for Managed Security Services Managed Security Service Providers vs. SIEM Product Solutions www.solutionary.com (866) 333-2133 The Business Case for Managed Security Services
More informationOrganizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation
Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation Agenda Problem Description Issues for Consideration Mitigation of the Issues Options
More informationA Dashboard Perspective
A Dashboard Perspective The ability to monitor key performance indicators (KPIs) was crucial to Henry Ford s production line success in the 1900 s. Ford pioneered the concept of monitoring key production
More informationGlobal ediscovery Client Data Security. Managed technology for the global legal profession
Global ediscovery Client Data Security Managed technology for the global legal profession Epiq Systems is a global leader in providing fully integrated technology products and services for ediscovery and
More informationChoosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both!
Choosing Between Managed Security Services or In-house SIEM? Consider the Benefits of both! Matteo Masserini Steven Kulley Tarun Sondhi Emerging Region Sales Specialist Regional Product Manager - EMEA
More informationBRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper
BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,
More informationData Center Consolidation in the Federal Government Looking beyond the technology
Data Center Consolidation in the Federal Government Looking beyond the technology Overview The reported number of Federal data centers grew from 432 in 1998 to 2,094 in 2010 1, an increase that is costly,
More informationREDUCING THE RISKS INHERENT IN EMERGENCY MEDICAL CONTACT AND UNBLINDING
white paper REDUCING THE RISKS INHERENT IN EMERGENCY MEDICAL CONTACT AND UNBLINDING All sides agree that patient safety is paramount in the conduct of clinical trials. While focused on patient safety,
More informationBREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT
BREAKING THE KILL CHAIN AN EARLY WARNING SYSTEM FOR ADVANCED THREAT Rashmi Knowles RSA, The Security Division of EMC Session ID: Session Classification: SPO-W07 Intermediate APT1 maintained access to
More informationBest Practices in adopting a Shared Services Model August 2013 22011YYYY
Best Practices in adopting a Shared Services Model August 2013 22011YYYY In their endeavors to become high performing organizations, businesses are pushing all innovation frontiers to do more with less
More informationSales and Use Tax Compliance Services
Sales and Use Tax Compliance Services U.S. Indirect Tax Practice kpmg.com 2 Sales and Use Tax Compliance Services Enhance the management of your indirect tax compliance obligations In today s challenging
More informationCompany size matters: Perspectives on IT Governance
www.pwc.com/ca/technology-consulting Company size matters: Perspectives on IT Governance versus large Canadian organizations and IT Governance PwC conducted research for the 4th edition of the IT Governance
More informationInvestment Management: Rising to the Risk and Compliance Challenge kpmg.com
KPMG Regulatory Risk and Compliance Practice Investment Management: Rising to the Risk and Compliance Challenge kpmg.com CONTENTS New Regulatory Frontiers: Forging Ahead in a Changing Landscape 1 A Proactive
More informationKPMG LLP Credit Risk Management Practices 2014 Survey on Credit Bureau Reporting
KPMG LLP Credit Risk Management Practices 2014 Survey on Credit Bureau Reporting July 2014 kpmg.com Introduction Dear Colleagues: Credit reports play an important role in the lives of consumers. As the
More informationQRadar Security Intelligence Platform Appliances
DATASHEET Total Security Intelligence An IBM Company QRadar Security Intelligence Platform Appliances QRadar Security Intelligence Platform appliances combine typically disparate network and security management
More informationCompliance Overview: FISMA / NIST SP800 53
Compliance Overview: FISMA / NIST SP800 53 FISMA / NIST SP800 53: Compliance Overview With Huntsman SIEM The US Federal Information Security Management Act (FISMA) is now a key element of the US Government
More informationTitle here. Successful Business Model Transformation. in the Financial Services Industry. KPMG s Evolving World of Risk Management SECTORS AND THEMES
SECTORS AND THEMES Successful Business Model Transformation Title here in the Financial Services Industry Additional information in Univers 45 Light 12pt on 16pt leading KPMG s Evolving World of Risk Management
More informationFrom burden to competitive advantage
KPMG Transformation Survey From burden to competitive advantage Regulatory change and transformation in financial services kpmg.com The regulatory environment is rapidly changing the financial services
More informationRSA ARCHER OPERATIONAL RISK MANAGEMENT
RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationDell Advanced Network Monitoring Services Service Description
Dell Service Description 1. INTRODUCTION TO YOUR SERVICE AGREEMENT Advanced Network Monitoring: Network outages or network performance problems can cause significant economic impacts to your day to day
More informationClient Security Risk Assessment Questionnaire
Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2
More informationThe Case for Managed Security Services for Log Monitoring and Management
White Paper The Case for Managed Security Services for Log Monitoring and Management www.solutionary.com (866) 333-2133 The Case for Managed Security Services for Log Monitoring and Management Contents
More informationFIVE PRACTICAL STEPS
WHITEPAPER FIVE PRACTICAL STEPS To Protecting Your Organization Against Breach How Security Intelligence & Reducing Information Risk Play Strategic Roles in Driving Your Business CEOs, CIOs, CTOs, AND
More informationRSA ARCHER AUDIT MANAGEMENT
RSA ARCHER AUDIT MANAGEMENT Solution Overview INRODUCTION AT A GLANCE Align audit plans with your organization s risk profile and business objectives Manage audit planning, prioritization, staffing, procedures
More informationThe Business Benefits of Logging
WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as
More informationConnecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm
Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom kpmg.bm Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom 1 Connecting the dots:
More informationCisco Virtual Desktop Infrastructure Strategy Service
Cisco Virtual Desktop Infrastructure Strategy Service Build a Comprehensive Business Case for a Virtual Desktop Infrastructure Implementation The Cisco Virtual Desktop Infrastructure Strategy Service helps
More informationData & Analytics in Internal Audit. January 13, 2015
Data & Analytics in Internal Audit January 13, 2015 With You Today KPMG Brian Greenberg, Director, Data & Analytics-enabled Internal Audit (National) Sean Mulyanto, Manager IT Advisory (Los Angeles) 1
More informationCompliance Risk Management Survey A Point of View
FINANCIAL SERVICES Compliance Risk Management Survey A Point of View July 2014 kpmg.com Compliance Risk Management Survey A Point of View 3 Introduction As the financial crisis unfolded, regulators looked
More informationKPMG Powered Enterprise
KPMG Powered Enterprise Driving Oracle Cloud-enabled business transformation kpmg.com KPMG Powered Enterprise / 1 Introduction Organizations generally resist changes to their enterprise systems. What
More informationMove beyond the expected.
Infrastructure Management & Monitoring for Business-Critical Continuity TM Move beyond the expected. The Avocent Data Center Planner Taking data center operations to the next level Execution Availability
More informationSage ERP Solutions I White Paper
I White Paper Transforming Finance into a Strategic Resource www.sagenorthamerica.com Table of Contents Executive Summary... 3 Benefits of a Strategic Finance Function... 3 What Finance Needs to Become
More informationWhat to Consider When Building An Internal Sourcing Function
What to Consider When Building An Internal Sourcing Function The vast majority of business leaders agree that having the right talent at the right time is the key to operating a successful business. Cisco
More informationConcurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services
Concurrent Technologies Corporation (CTC) is an independent, nonprofit, applied scientific research and development professional services organization providing innovative management and technology-based
More informationSecurity Information/Event Management Security Development Life Cycle Version 5
Security Information/Event Management Security Development Life Cycle Version 5 If your enterprise is like most, you are collecting logs from most every device with security relevance. The flood of events
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationAchieving business excellence through quality in a BPO environment
Achieving business excellence through quality in a BPO environment Worldwide BPO Forecast for Horizontal Business Functions, 2004 2009, US$M Worldwide spending on horizontal business process outsourcing
More informationHR Optimization in the Public Sector. kpmg.com
HR Optimization in the Public Sector kpmg.com A Journey of Good Sense and Good Results... 3 Key Findings... 4 Key Research Summary... 4 Evolution Of The Shared Services Journey For HR... 5 Driving HR Optimization
More informationAPPENDIX 8 TO SCHEDULE 3.3
EHIBIT Q to Amendment No. 60 - APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT APPENDI 8 TO SCHEDULE 3.3 TO THE COMPREHENSIVE INFRASTRUCTURE AGREEMENT EHIBIT Q to Amendment No.
More informationCompany Overview. Enterprise Cloud Solutions
2016 Company Overview Enterprise Cloud Solutions ENTERPRISE CLOUD SOLUTIONS Unitas Global utilizes leading cloud technologies to optimize enterprise IT environments. By designing, deploying, and managing
More informationKPMG s National Broker-Dealer Practice Survey Results
KPMG s National Broker-Dealer Practice Survey Results Insights into how brokerdealers are implementing the recent SEC Rule 17a-5 Amendments kpmg.com 2 KPMG s National Broker-Dealer Practice Survey Results
More informationDynamic Service Desk. Unified IT Management. Solution Overview
I T S E R V I C E + I T A S S E T M A N A G E M E N T INFRASTRUCTURE MANAGEMENT Dynamic Service Desk Unified IT Management Achieving business and IT alignment requires having insight into hardware and
More informationWhitepaper. IT Strategies for HR Transformation YOUR SUCCESS IS OUR FOCUS. Published on: Feb 2006 Author: Madhavi M
YOUR SUCCESS IS OUR FOCUS Whitepaper IT Strategies for HR Transformation Published on: Feb 2006 Author: Madhavi M 2009 Hexaware Technologies. All rights reserved. Table of Contents 1. Executive Summary
More informationAdvanced Threats: The New World Order
Advanced Threats: The New World Order Gary Lau Technology Consulting Manager Greater China gary.lau@rsa.com 1 Agenda Change of Threat Landscape and Business Impact Case Sharing Korean Incidents EMC CIRC
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationMicrosoft Dynamics CRM Solutions for Retail Banking
Performance Microsoft Dynamics CRM Solutions for Retail Banking White Paper Setting new standards that enable retail banks to attract, retain, and service customers with superior speed, efficiency, and
More informationPursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES
Pursuing Compliance with the FFIEC Guidance Risk Assessment 101 KPMG RISK ADVISORY SERVICES Contents PART I An Increasing Threat: Identity Theft The FFIEC Response Risk Assessment Fundamentals The FFIEC
More informationDriving Business Value. A closer look at ERP consolidations and upgrades
IT advisory SERVICES Driving Business Value A closer look at ERP consolidations and upgrades KPMG LLP Meaningful business decisions that help accomplish business goals and growth objectives may call for
More informationHow to successfully manage your mega-project
BUILDING, CONSTRUCTION & REAL ESTATE How to successfully manage your mega-project Part II Stakeholder communication and project controls integration kpmg.com 2 Building, Construction & Real Estate How
More informationLeveraging Data Analytics and Continuous Auditing. Internal Audit. January 9, 2014
Leveraging Data Analytics and Continuous Auditing to Transform Internal Audit January 9, 2014 Presenter Introductions John Isenberg, Director KPMG Risk Consulting Dallas Cortnye King, Manager KPMG Risk
More informationA Pragmatic Guide to Big Data & Meaningful Privacy. kpmg.be
A Pragmatic Guide to Big Data & Meaningful Privacy kpmg.be From predicting criminal behavior to medical breakthroughs, from location-based restaurant recommendations to customer churn predictions, the
More informationManaging Compliance in a Complex World
GLOBAL COMPLIANCE MANAGEMENT SERVICES Managing Compliance in a Complex World TAX kpmg.com Managing compliance in a complex world Today s unprecedented economic challenges are forcing companies to rethink
More informationBoosting enterprise security with integrated log management
IBM Software Thought Leadership White Paper May 2013 Boosting enterprise security with integrated log management Reduce security risks and improve compliance across diverse IT environments 2 Boosting enterprise
More informationIntelligence Driven Security
Intelligence Driven Security RSA Advanced Cyber Defense Workshop Shane Harsch Senior Solutions Principal, RSA 1 Agenda Approach & Activities Operations Intelligence Infrastructure Reporting & Top Findings
More informationManaging IT Security Risks (Build, Buy, or Both?)
August 7, 2001 Colorado Office 1600 Stout Street Suite 1510 Denver, CO 80202 303.446.0001 Managing IT Security Risks (Build, Buy, or Both?) Oklahoma Office 1307 South Boulder Avenue Suite 120 Tulsa, OK
More informationHow To Audit Cloud Computing
Assessing the Audit Impact of Cloud Computing kpmg.com 1 Assessing the Audit Impact of Cloud Computing Cloud Computing Cloud computing is becoming an important IT strategy for entities that need varying
More informationWhite Paper. Central Administration of Data Archiving
White Paper Central Administration of Data Archiving Archiving and Securing Corporate Data... 1 The Growing Need for Data Archive Solutions... 1 Determining Data Archiving Policy... 2 Establishing the
More informationManaged Hosting: Best Practices to Support Education Strategy in the Career College Sector
Managed Hosting: Best Practices to Support Education Strategy in the Career College Sector Online learning is playing a critical role in the delivery of Teaching and Learning and the overall experience
More informationHow to Unlock Agility by Backing up to, from, and in the Cloud
WHITE PAPER: HOW TO UNLOCK AGILITY BY BACKING UP TO, FROM,....... AND.... IN.. THE.... CLOUD....................... How to Unlock Agility by Backing up to, from, and in the Cloud Who should read this paper
More informationIT Management On Demand
IT Management On Demand FUJITSU Cloud IT Management as a Service: Delivering Simple, Powerful and Unified IT Management Capabilities shaping tomorrow with you The Challenges of Managing a Dynamic IT Environment
More informationProject Portfolio Optimisation: Do you gamble or take informed risks?
PROJECT ADVISORY Project Portfolio Optimisation: Do you gamble or take informed risks? Leadership Series 8 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of
More informationINSIDE. Demystifying the Managed Security Service Provider Market. Symantec Enterprise Security
Symantec Enterprise Security WHITE PAPER Demystifying the Managed Security Service Provider Market INSIDE Effective security management and monitoring A closer look at management vs. monitoring How the
More informationLog Management: 5 Steps to Success
Log Management: 5 Steps to Success LogLogic, Inc Worldwide Headquarters 110 Rose Orchard Way, Ste. 200 San Jose, CA 95134 United States US Toll Free: 888 347 3883 Tel: +1 408 215 5900 Fax: +1 408 321 8717
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationHR Function Optimization
HR Function Optimization People & Change Advisory Services kpmg.com/in Unlocking the value of human capital Human Resources function is now recognized as a strategic enabler, aimed at delivering sustainable
More information2012 North American Managed Security Service Providers Growth Leadership Award
2011 South African Data Centre Green Excellence Award in Technology Innovation Cybernest 2012 2012 North American Managed Security Service Providers Growth Leadership Award 2011 Frost & Sullivan 1 We Accelerate
More informationMANAGED SECURITY SERVICES (MSS)
MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps
More informationProject Risk Management
PROJECT ADVISORY Project Risk Management Leadership Series 9 kpmg.com/nz About the Leadership Series KPMG s Leadership Series is targeted towards owners of major capital programmes, but its content is
More informationTHE CLOUD: PROGRESS AND POTENTIAL
THE CLOUD: PROGRESS AND POTENTIAL The cloud has made a tremendous amount of progress in a relatively short time on the technological landscape. Cloud solutions faced doubts soon after their introduction,
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationGMS NETWORK ADVANCED WIRELESS SERVICE PRODUCT SPECIFICATION
GMS NETWORK ADVANCED WIRELESS SERVICE PRODUCT SPECIFICATION 1. INTRODUCTION This document contains product information for the GMS Network Service. If you require more detailed technical information, please
More information