Information Security Management at the Olympics: Finding the Needle in the Haystack


Markus J. Krauss, VP Cloud Computing and Service Provider, mjk@netiq.com
Chris Van Den Abbeele, Solution Manager ISRM, chris.vandenabbeele@atos.net

Agenda
- Who is Atos, Who is Novell/NetIQ
- The Olympic Environment
- The IT project
- Information Security Methodology
- Trends in information security at the Olympics
- What's in it for me?

Atos and Novell/NetIQ

Who is Atos?
Atos is an international information technology services company. Its business is turning client vision into results through the application of consulting, systems integration and managed operations. Atos is the Worldwide Information Technology Partner for the Olympic Games and has a client base of international blue-chip companies across all sectors. Atos is quoted on the Paris Eurolist Market and trades as Atos, Atos Worldline and Atos Consulting.

Atos and Siemens IT Solutions and Services

Atos and The Olympics
- Started supplying software for Barcelona '92
- Contract with IOC awarded in '98 as Integrator
- The largest ever Sports IT related contract
- Reduce risks and reduce costs
- Two extensions, the current contract up to 2016
- 8 Games: Salt Lake City, USA '02; Athens, Greece '04; Turin, Italy '06; Beijing, China '08; Vancouver, Canada '10; London, Great Britain '12; Sochi, Russia '14; Rio de Janeiro '16

The Olympics Environment
- 230,000 accreditations (Beijing)
- 40 Venues/70+ Competition venues (Beijing)

The Scale of IT

The IT Project
- Highly visible and critical, no second chances
- This is an IT project with a deadline that does not move
- Complex mix of technology, processes and people with no room for error
- A risk-management driven project
- Massive testing program
- Knowledge capture, industrialization, integrate in Atos High Performance Security (AHPS) service, now available to all customers

Methodology: End-to-end Information Security
Phases: UNDERSTAND, ANALYZE, BUILD, MEASURE, RUN
Activities:
- Understand Business Requirements
- Identify normal Behavior
- Evaluate the Risk (based on scenario)
- Implement Architecture
- Define Security Metrics
- Measure Security Posture
- Define criticality of Systems and Data
- Define controls (based on scenario)
- Assess Vulnerability
- Audit
- Enforce Security Controls Using Technology
- Enforce Monitoring Controls Using Technology
- Respond to the Incident
- Monitor for abnormal Behavior
- Use adopted Real Time Risk Management Technology

Risk Modeling
Scenarios: What, How, What for
- What: describes the threat
- How: defines which vulnerability is exploited to break into the target
- What for: describes the purpose of the attack
Example of scenario: A worm is released in the CIS VLAN through OS vulnerability to disturb the commentators
Validation of the scenarios:
- Penetration Testing (TR1 & TR2)
- Security Reviews (Internal AO project team)
© 2011 NetIQ Corporation. All rights reserved.

Risk Mitigation Strategy
- Qualitative risk measurement
- Top down (scenarios) and bottom up approach (from IT)
- Consider the following controls for each scenario: Preventive, Detective, Corrective
- These controls become the building blocks for: security policies, procedures, architecture, monitoring
[Figure: scenarios Sc 1 to Sc 22 plotted by Impact against Likelihood of Occurrence]

Integrated Security
Service Desk, Configuration Management, Incident Management, Problem Management, Release Management, Change Management, Service Level Management, Financial Management, Capacity Management, IT Services Continuity Management, Availability Management
Information Security: Training, Input for Security Risk Management, Incident Response Handling Process, Security Monitoring, Vulnerability and Patch Management, Member of the CCB, Level of Security Alarms Match Severity of the Incident, Security Risk Management, Input to Security Risk Management
- Information Security is not an extra domain
- Information Security is a transversal activity
- Information Security is integrated (embedded) with the rest of IT Operations

Testing and Training
- Applications go through exhaustive integration testing programs.
- Systems undergo technical tests where performance, load and fault performance are tested to their limit.
- Teams are trained following comprehensive programs to be ready to operate the systems and react to different scenarios according to the defined policies and procedures.

Operations: The challenge
- How to recognize real threats in 12,000,000 security events / day?
- How to understand over 20,000 security event types?

Operations: The solution: Real Time Security Risk Management
- Implement a Security Information and Event Management (SIEM) solution
- Perform Intelligent Event Processing: Active Filtering, Aggregation & Correlation, Prioritization
- Real Time Auditing
- Predefined Incident Management Process

Results: Security Information Reduction (Daily)

Results: Security Information Reduction (Daily), No Business Impact

The Trend in Information Security at the Olympics

Security Monitoring
- Security monitoring per environment
- SIM v2: Correlation with business rules, Improved reporting, Improved performance
- Security Information Management providing: Collection, Filtering, Aggregation, Correlation, Prioritization across the different environments
- SIM v3: Auto Audit integration, Auto learning rules, Multilayer processing
Speed: As close as possible to real-time: from minutes to seconds
Relevance: from 3 million events logged to 3 attempts prevented

Identity Management
- Active Directory for Windows environment
- LDAP for UNIX environment
- Radius for Network environment
- Oracle and SQL authentication for Apps and DB
- IdM system implemented
- Access control based on job description
- Approval based on organizational structure
- Directory synchronization: Active Directory to LDAP
- Application authenticating against AD and LDAP
IdM workflow fully integrated with Operational procedures
Increase consistency: from environment based to job description based
Decrease account creation time: from days to hours

Future Plans: Intelligent SIEM
Identity Management + Security Monitoring
- Security Event information in real time enriched with intelligence from Identity Management
- When we send a Security Guard to investigate, they are no longer looking for an IP address, they are looking for a face
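An added example, not part of the original presentation and not Atos or NetIQ code: the processing stages named on the "Operations: The solution" slide (active filtering, aggregation, correlation, prioritization) followed by the identity enrichment described above, in Python. The events, the `os_exploit_signature` event type, the thresholds, the criticality weights and the identity mapping are all constructed assumptions; the correlation rule mirrors the worm-in-a-VLAN scenario from the risk-modeling slide.

```python
from collections import defaultdict

# Constructed sample data, not from the presentation: (second, source IP, VLAN, event type)
EVENTS = [
    (0, "10.1.0.5", "CIS", "heartbeat"),
    (1, "10.1.0.5", "CIS", "os_exploit_signature"),
    (2, "10.1.0.5", "CIS", "os_exploit_signature"),
    (3, "10.1.0.6", "CIS", "os_exploit_signature"),
    (4, "10.1.0.7", "CIS", "os_exploit_signature"),
    (5, "10.2.0.9", "ADMIN", "login_failure"),
    (6, "10.1.0.6", "CIS", "heartbeat"),
]
NOISE = {"heartbeat"}                  # assumed: event types known to be normal behaviour
CRITICALITY = {"CIS": 3, "ADMIN": 1}   # assumed: criticality weight per environment
IDENTITY = {"10.1.0.5": "A. Commentator", "10.1.0.6": "B. Operator"}  # assumed IdM export

def active_filter(events):
    """Drop event types already identified as normal behaviour."""
    return [e for e in events if e[3] not in NOISE]

def aggregate(events, window=60):
    """Collapse repeats of (window, source, VLAN, type) into one record with a count."""
    counts = defaultdict(int)
    for ts, src, vlan, etype in events:
        counts[(ts // window, src, vlan, etype)] += 1
    return counts

def correlate(aggregated, min_hosts=3):
    """Scenario rule: one event type seen on min_hosts or more sources in a VLAN and window."""
    sources = defaultdict(set)
    for win, src, vlan, etype in aggregated:
        sources[(win, vlan, etype)].add(src)
    return [{"vlan": v, "type": t, "sources": sorted(s)}
            for (_, v, t), s in sources.items() if len(s) >= min_hosts]

def prioritize(incidents):
    """Rank by number of affected hosts weighted by environment criticality."""
    for inc in incidents:
        inc["score"] = len(inc["sources"]) * CRITICALITY.get(inc["vlan"], 1)
    return sorted(incidents, key=lambda i: i["score"], reverse=True)

def enrich(incidents):
    """Attach the person behind each source address, where identity data has one."""
    for inc in incidents:
        inc["people"] = [IDENTITY.get(ip, "unknown") for ip in inc["sources"]]
    return incidents

def run(events):
    return enrich(prioritize(correlate(aggregate(active_filter(events)))))
```

On the constructed input, seven raw events become five after filtering, four after aggregation and one prioritized incident that names people as well as addresses.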

Innovation

Innovation is about turning new ideas into real business value
- Our know-how and experience from the Olympics is integrated in our Atos High Performance Security (AHPS) service, which is now available to all customers
- As it is offered as a cloud service, it can provide value from day one

If you're facing any of these regulations, then see us on Atos High Performance Security
- UK: GPG-13 (Government) and PCI-DSS
- France: RGS ('Référentiel Général de Sécurité') and PCI-DSS
- Germany: BSI, ISO2700x and PCI-DSS
- Netherlands: 'Code voor Informatiebeveiliging' (based on the standard ISO 27001 and the code of practice ISO 27002)
- Spain: LOPD (Organic Law for Data Protection), and ISO 2700x

If We Can Do it for The Olympic Games, Imagine What We Can Do For You!
Thank you

Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid are registered trademarks of Atos SA. June 2011. © 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it, may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.