How to manage IT Risks and IT Compliance as a Service




How to manage IT Risks and IT Compliance as a Service in complex IS environment
The Road Ahead in the Cloud
Marek Skalický, CISM, CRISC, Regional Account Manager for CAEE
For SECURE 2012, Warsaw

Agenda
- IT/Security Management in the age of cyber-wars / APT
- Cloud approach to current IT/Security challenges
- IT all STARTS and ENDS with ASSETS!
- Can we measure and monitor IT Risk on-time?
- Can we audit and report IT Compliance on-demand?
- Can we run integrated web-site prevention and protection?
- Qualys provider of Security as a Service
- QualysGuard Integrated Security & Compliance Suite

IT/Security Management in cyber-wars / APT

Current Challenges of IT/Security Management:
- Highly Distributed & highly Diversified IT infrastructure
- In-house / Traveling / Hosted / Outsourced IT, Services and Applications
- Enterprise / Private_Cloud / Public_Cloud IT, Services and Apps
- Availability (SLA) versus Security (Risk Management) requirements
- Growing number of IT Vulnerabilities, Threats (Hacker attacks, Malware, APT)
- Very limited resources (HR, financial and time) & Virtualization
- Compliance requirements (ITIL, ISMS, BCM, ISO 2700X, Cobit, CIS)

and EVERYTHING CHANGES IN TIME!!!

[Diagram labels: Asset Value, Threat, Vulnerability; SaaS, PaaS / IaaS, Traveling Mobile devices, Public Clouds, Private Clouds, Internet, In-house Enterprise ICT, Hosted IT, Outsourced IT]

Cloud approach to IT/Security challenges
- Cover maximum types of Assets, IT services and applications
- Cover maximum types of IT services Delivery Models
- Global scalability and flexibility
- Centralized Management
- Centralized Maintenance
- Centralized Database
- Centralized Reporting
- No HW/SW/HR investment
- No maintenance costs
- Delivered as Service
- On-demand and On-Schedule
- High level of automation
- Fast development-cycle
- Fast implementation process
- Intelligence & Result correlation
- Flexible in time and scope

[Diagram labels: PaaS / IaaS, SaaS, Traveling Mobile devices, Public Clouds, Internet, Hosted IT, Private Clouds, In-house Enterprise ICT, Outsourced IT]

IT ALL starts and ends with ASSETS

Discover, Manage and Search IT Assets in Global infrastructure
- Network layer
- Application layer
- Virtualization layer

Organize ICT Assets using Tags
- Static and Dynamic asset tagging
- Hierarchical asset tagging
- Automatic Tags self-updating

Tagging/Searching/Reporting based
- On platforms, applications, services
- Asset responsibility and ownership
- Based on Business Processes
- Based on Business Value
- Based on Localities, Purpose,

Can we measure & monitor IT Risk on-time?

Can we audit & report IT Compliance on-demand?

Can we run integrated web prevention-protection?

Qualys provider of Security as a Service

Qualys at a glance:
- Founded 1999, on market since 2001
- Market Leader since 2008 (Gartner, Forrester, IDC Analysis)
- 5500+ customers in 90 countries
- 51% of Fortune 100 companies

Qualys performed in 2010-2011:
- Over 600 million IP Vulnerability scans
- Over 10 million Web Application scans
- Over 3 million Internet Browser checks audits
- Over 2 million Web Applications SSL audits
- Reached Six-Sigma scanning accuracy

QualysGuard Cloud Suite of Integrated Security & Compliance Solutions

Delivering a Global and Continuous View of Security and Compliance
Device & Application Security

The QualysGuard Cloud Platform and Suite of Integrated Solutions allow enterprises to discover and catalog all IT assets, and provide them with a continuous view of their security and compliance posture on a global scale.

Benefits
- Fully automated continuous asset discovery, security & compliance assessments.
- Up-to-date security intelligence with no software to install and maintain.

Delivering a Global and Continuous View of Security and Compliance
Integration with IT-GRC

The QualysGuard Cloud Platform and Suite of Integrated Solutions automate the collection of security and compliance data with customizable policies, questionnaires and workflows, helping organizations to expedite compliance and reduce cost.

Benefits
- Agent-less compliance auditing supporting multiple regulatory mandates.
- Customizable questionnaires and workflows to evaluate controls, gather evidence and validate compliance.
- Seamless integration with enterprise GRC solutions.

Thank You
mskalicky@qualys.com