The Security Scenario 2005: The Future of Information Security



Similar documents
A Gartner Hype Cycle. Gartner IT Security Summit June 2005 Marriott Wardman Park Hotel Washington, District of Columbia

Security Frameworks. An Enterprise Approach to Security. Robert Belka Frazier, CISSP

Proven LANDesk Solutions

BYOD and Your Business

IT Security Risks & Trends

The Evolving Security Landscape. Andreas M Antonopoulos Senior Vice President & Founding Partner

Payment Card Industry Data Security Standard

Guide to Evaluating Multi-Factor Authentication Solutions

Business Risk Assessment - A Primer

Avoiding the Top 5 Vulnerability Management Mistakes

The Key to Secure Online Financial Transactions

The Need for Intelligent Network Security: Adapting IPS for today s Threats

PCI Data Security Standards (DSS)

Did you know your security solution can help with PCI compliance too?

Course: Information Security Management in e-governance. Day 1. Session 5: Securing Data and Operating systems

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

IBM QRadar Security Intelligence April 2013

How to Secure Your Environment

Mobility. Exploiting and Maintaining the New Face of Engagement. Huseyin Ozel CT, HP EMEA Enterprise Mobility September 2015

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Sygate Secure Enterprise and Alcatel

New possibilities in latest OfficeScan and OfficeScan plug-in architecture

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

SECURITY. Risk & Compliance Services

This policy shall be reviewed at least annually and updated as needed to reflect changes to business objectives or the risk environment.

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Executive Overview...4. Importance to Citizens, Businesses and Government...5. Emergency Management and Preparedness...6

Security Management. Keeping the IT Security Administrator Busy

AUDIT REPORT WEB PORTAL SECURITY REVIEW FEBRUARY R. D. MacLEAN CITY AUDITOR

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

Passing PCI Compliance How to Address the Application Security Mandates

Extending Identity and Access Management

Information Security Policy

Why can you trust Google?

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Information Technology Solutions

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Security aspects of e-tailing. Chapter 7

SonicWALL PCI 1.1 Implementation Guide

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Understanding Vulnerability Management Life Cycle Functions

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Host/Platform Security. Module 11

The Information Security Problem

How are we keeping Hackers away from our UCD networks and computer systems?

Top tips for improved network security

MODERN THREATS DRIVE DEMAND FOR NEW GENERATION MULTI-FACTOR AUTHENTICATION

Cisco Security Optimization Service

How To Secure An Extended Enterprise

Take Control of Identities & Data Loss. Vipul Kumra

TECHNOLOGY BRIEF: INTEGRATED IDENTITY AND ACCESS MANAGEMENT (IAM) An Integrated Architecture for Identity and Access Management

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

Integrated Protection for Systems. João Batista Territory Manager

Section 12 MUST BE COMPLETED BY: 4/22

Identity and Access Management

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

Security Services. 30 years of experience in IT business

Cyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO p f

Virtualization Beyond the Data Center: Increase Network Infrastructure Utilization and Efficiency to Reduce Operational Costs

Solution Recipe: Improve Networked PC Security with Intel vpro Technology

Industrial Security for Process Automation

Critical Security Controls

All Information is derived from Mandiant consulting in a non-classified environment.

SecureAge SecureDs Data Breach Prevention Solution

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

電 子 銀 行 風 險 - 認 證 與 核 實. Fraud Risk Management The Past and the Future 欺 詐 風 險 管 理 - 過 去 與 未 來

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Security within a development lifecycle. Enhancing product security through development process improvement

INTRUSION DETECTION SYSTEMS and Network Security

Network Security Scenario

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Fundamentals of Network Security - Theory and Practice-

THE THEME AREA. This situation entails:

Protecting Sensitive Data Reducing Risk with Oracle Database Security

IT Security and OT Security. Understanding the Challenges

PCI DSS Requirements - Security Controls and Processes

Using Ranch Networks for Internal LAN Security

How To Create Situational Awareness

Presented by: Mike Morris and Jim Rumph

Company Co. Inc. LLC. LAN Domain Network Security Best Practices. An integrated approach to securing Company Co. Inc.

Data Security and Healthcare

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

Computer Security: Principles and Practice

Intrusion Detection and Cyber Security Monitoring of SCADA and DCS Networks

Defending Against Data Beaches: Internal Controls for Cybersecurity

Result of the Attitude Survey on Information Security

Zone Labs Integrity Smarter Enterprise Security

Secure Your Mobile Workplace

Vendor Questionnaire

Establishing A Multi-Factor Authentication Solution. Report to the Joint Legislative Oversight Committee on Information Technology

Gabriel Coimbra Research & Consulting Director IDC Portugal. Porto, 29 de Maio

SCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005

Computer Security DD2395

Payments Fraud: It's Not Fun & Games

Overcoming PCI Compliance Challenges

Security and Privacy

Network Security. Tampere Seminar 23rd October Overview Switch Security Firewalls Conclusion

Transcription:

The Security Scenario 2005: The Future of Information Security Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with Gartner s official approval. Such approvals may be requested via e-mail quote.requests@gartner.com.

Security Continues to Be Top Priority

Disruptive Innovation Means the Need for InfoSecurity Is Here to Stay Mainframe Era PC LAN Client/Server Internet Wireless Web Services Hyper X, Quantum Y, Nano Z

Social and Technical IT Risk Drivers Converging in 2005 Bandwidth Wireless Storage Portable processing Significant Upgrades in Endpoint Technology Worker mobility Realtime access to data Apps from anywhere Increasingly sophisticated attack code Compliance requirements Growing professionalism of cybercrime

Risk Management approach to security Technical versus Business approaches Technical: find and remove software vulnerabilities Business: assess and then manage risks Better alignment with the business Talk their language Ensure that their goals and priorities are met Regulatory Compliance as a driver Forcing everyone to follow documented processes Treat uncertainty about requirements as opportunity Risk Management is good for business. And it is the law.

Attacks and Defense are Moving up Stack Deep-Packet Application Inspection Open Systems Interconnection (OSI) Model Layer 7 Layer 6 Layer 5 Layer 4 Layer 3 Application Presentation Session Transport Network Commodity Stateful Network Inspection Layer 2 Layer 1 Data Link Physical Growing importance of both Application Layer Defense and WS-Security

Multifaceted, Multichannel Crimes Methods Keyboard Logging Trojan Horses Hacking Phishing Pickpockets Mail Trash Insider Jobs Data User ID Password Credit Card Info. Check Acct. Info. Personal SSN, Driver's lic., DOB... Channels ATMs Web Banking Web Bill Pay New-Account Apps. Phone Banking Phone Bill Pay Physical Stores Online Stores ACH, EFT

IAM Defined User Identities, Transactions, Roles, Policies and Privileges Identity Management (Administration) Access Management (Real-Time Enforcement) A U D I T Identity Administration Administer Authenticate Authorize Authentication Services Enterprise Single Sign-On Password Management User Provisioning Metadirectory Business Relationship/Role Mgmt Enterprise Access Management Federated Identity Management Alarm/ Alerting Accountin g Physical Resources Applications Databases Directories Security Systems Operating Systems

Vulnerability Management Discover/Baseline Monitor Prioritize Shield & Mitigate Develop processes to protect IT environments against external attack and internal threats, and ensure corporate compliance with government regulations Maintain Controls & Eliminate Root Cause ISO/IEC 17799: Section 5.1 Accountability for assets Section 9.7 Monitoring system access and use Section 10.5 Security in development and support processes

Security Technologies You Will Need Stronger authentication Host-Based IPS: servers now 802.1x: device authentication NAC : Quarantine/Containment Gateway Spam/Antivirus Scanning Vulnerability Management Web Services Security Identity Management SSL/TSL Business Continuity Plan Will Need

Security Technologies You Don t Need Personal Digital Signatures Quantum Anything Passive Intrusion Detection Biometrics on the desktop Tempest Shielding/Paint Enterprise Digital Rights Management (Outside of Workgroups) 500-Page Security Policies Security Awareness Posters Complex Passwords Probably Don t Need

Recommendations Buy the most-secure products. Hire people you can trust. Stop counting attacks and start closing holes. Force new security investments to displace older, less-efficient security solutions. Protect your stakeholders, and they will protect your business. Embrace regulatory compliance as an opportunity, not a burden

The Security Scenario 2005: The Future of Information Security Notes accompany this presentation. Please select Notes Page view. These materials can be reproduced only with Gartner s official approval. Such approvals may be requested via e-mail quote.requests@gartner.com.

Management and Mobility Approaches Increase Endpoint Trustability Reduce likelihood of platform subversion Decrease Contact with Endpoint Reduce impact if platform subverted Hardening Verification Terminal Virtualization NAC Thin Client Web Apps Applications Desktop Corporate ASP Decrease Contact with Network Virtual physical connection between end point and Home Wireless OS Phone home without the need to use your customer s network

Authentication and Identity Management Growing unacceptability of plain old passwords Phishing attacks against consumers Increasing mobility of remote corporate users Regulatory & compliance drivers Audit & investigation impossible without strong auth Separation of Duties and role control for transactions E-government requires citizen electronic identity New technology needs solid infrastructure Web services (SAML, XACML) Support for multiple remote access methods Comprehensive IAM is an essential foundation

Additional Areas of Attention for 2005 Anti-Nuisanceware: control spyware & adware Enterprises can no longer ignore problem Products barely meeting enterprise requirements Vulnerability Management Applying risk management principals to tech prob Automate the process to scale across enterprise No vendor provides complete solution today Control Data Leakage: ubiquitous Plug and Play Connect to the Internet: data flows Connect to USB portable storage device: data flows Continued dev of tech controls: convenience/risk

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information