Squashing Politics with Policy
©2012 Check Point Software Technologies Ltd.

Presentation transcript:


Slide 2: Agenda
1. Challenges
2. Foundation for acceptable security
3. Why it helps
4. Questions / Discussion

Slide 3: Why do we need security controls?
- Protect company and client sensitive information
- Protect the company's image
- Save the company money
- Protect the critical applications that make your company money
- Protect the critical applications that provide services to the public

Slide 4: Agenda (section 1: Challenges)

Slide 5: Challenges with implementing security
- Users don't like change
- Users don't like the idea of freedoms being taken away
- Users can feel accused when they are told they are doing something insecure
- Security controls can break applications or functions in your IT infrastructure
- Security requirements can slow down projects

Slide 6: Agenda (section 2: Foundation for acceptable security)

Slide 7: Foundation for acceptable security
- Develop your security policy
- Develop standard operating procedures
- Develop implementation and test plans
- Develop an approval process for policy exceptions
- Develop a procedure for post mortem and root cause analysis

Slide 8: Foundation for acceptable security: Develop your security policy
- The policy should be the foundation of security in your organization
- Get it vetted by the appropriate parties, then distributed to and signed by everyone in your organization:
  - HR (especially for web content filtering!)
  - Management
  - CIO, CISO, CTO, Director, etc.
- Policy violations must have consequences

Slide 9: From scratch?!... I don't have time!
- There are plenty of free resources
- sans.org/security-resources/

Slide 10: Foundation for acceptable security: Develop an approval process for policy exceptions
- When an exception to the policy must be made:
  - Communicate the risk
  - Keep a record of someone ELSE accepting the risk: someone in your direct chain of reports, or someone designated to accept risk (such as a compliance department)
  - Document the exception

Slide 11: Foundation for acceptable security: Develop standard operating procedures
- SOPs are the things you do on a daily basis for due diligence
- These practices are usually specific to your group within the company
- SOPs will change as the security threat landscape evolves
- Get them vetted and signed by your manager

Slide 12: Foundation for acceptable security: Develop implementation and test plans
- A thorough test plan increases the probability of a successful deployment, and therefore user acceptance
- Require testing of critical business applications or functions:
  - by the business units responsible for those applications
- Always include a rollback plan, and budget the time needed to execute it

Slide 13: Foundation for acceptable security: Develop a procedure for post mortem and root cause analysis
- Doing this will:
  - Keep a record of the relevant facts of significant outages (for audit, the manager's report, etc.)
  - Avoid misdiagnosis, and discourage it in the future

Slide 14: Agenda (section 3: Why it helps)

Slide 15: Why it helps
- Increases user acceptance of security
- Increases confidence in security controls
- Increases user security awareness
- Minimizes the impact of implementing controls
- Breeds a professional and happy work environment with more unity among teams

Slide 16: Agenda (section 4: Questions / Discussion)

Slide 17: Questions?