Implementing an Enterprise Security Framework – Safeguarding Your Most Important Assets
www.QinetiQ-NA.com © QinetiQ North America, Inc. 2010

Presentation transcript:

Implementing an Enterprise Security Framework – Safeguarding Your Most Important Assets
Ernest Doring, QinetiQ-North America, September 2010
© QinetiQ North America, Inc.

Several factors make information security a growing concern for today’s organizations …
• Increased Automation: With significant reductions in the size of government, organizations are increasingly conducting business processes through network-based information environments. More critical information is being put on-line and is potentially exposed to greater risk.
• Increased network vulnerability: IT environments in many organizations are evolving into relatively open architectures. This potentially simplifies an attacker’s problem and increases system vulnerability.
• Increased cyber threat: Burgeoning technology has given rise to a new generation of computer intruders possessing a wide array of advanced intrusion tools which can inflict damage to a degree that formerly was the exclusive purview of nations. This means more chances for unauthorized users to successfully attack your systems.

… Add to that the Demands on IT & Security …
Increasing Demands on IT and Security:
• Increased Competitive Pressures
• Better Efficiency and Consistency
• Increased Demand from Stakeholders
• More Regulations
• Eliminate Redundancy
• Increase Transparency and Accountability

… Resulting in Organizations Asking the Following Questions
• Are our information security initiatives aligned with our business needs?
• Are our customers’ and business partners’ information security initiatives and requirements compliant and compatible with ours?
• Are our information security practices providing adequate assurance to meet regulation or compliance requirements?
• Are we perceived as a responsive organization meeting the needs of our stakeholders, our customers, and trading partners?
• Do our information security controls align with industry-related and internationally accepted guidelines?
• Are we aware of our security risks and are they being effectively managed?
• Are we measuring the effectiveness of our information security investments?

… But There is No Silver Bullet Solution
[Diagram labels: SECURE SYSTEMS; PROCESS; TECHNOLOGY; PEOPLE; Systems Expert; Security Expert; Systems IA Expert]

… So What Can Be Done? … Enterprise Security Framework
Framework leads to an effective and efficient means to evaluate, design, implement, and sustain your security program

Enterprise Security Framework Benefits
• Provides increased efficiency and economy of security throughout the organization
• Provides the ability to ensure centralized enforcement and oversight and decentralized management
• The central level element helps to coordinate and manage use of limited security-related resources throughout the organization
• Ensures that mechanisms are in place to provide coordination and unity of action between the central and the system level components
• Ensures appropriate and cost-effective security for each system
• Together, the multilevel components of an enterprise-wide IT security program will protect an organization’s valuable information resources