Microsoft Belgium Security Summit. Georges Ataya, Solvay Business School, ISACA Belux; Detlef Eckert, Microsoft EMEA.

Agenda
- Introduction
- How could you discuss security with the business people in your organisation?
- What security solutions can help to grow the business?
- What about security and Microsoft technology?
- Risk Assessment: How to calculate the "economic impact" of a security incident?
- Conclusions: Isn't it all about complexity?

Introduction
- The Security of Inclusion: "Enablement"
- The Security of Exclusion: "Protection"
Source: PricewaterhouseCoopers LLP

Challenge: meeting conflicting requirements. Security, Availability, Control, Functionality and Cost all pull in different directions; the task is finding the right balance.

Management responsibility. Security objectives: "Protecting the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality and integrity." (Source: "IT Security Governance", the IT Governance Institute, ITGI.org.) The slide diagram relates three elements: Business, Assets and Risks.

Security management activity
- Policy Development
- Roles and Responsibilities
- Design, Implementation, Monitoring
- Awareness, Training and Education
Source: the International Guidelines for Managing Risk of Information and Communications, Statement #1: Managing Security of Information, issued by the International Federation of Accountants.

Business enablers. New technology provides the potential for dramatically enhanced business performance. Information security can add real value to the organization by contributing to interaction with trading partners, closer customer relationships, improved competitive advantage and a protected reputation. It can also enable new and easier ways to process electronic transactions and generate trust.

Security Enabled Business
- Reduce Security Risk: assess the environment; improve isolation & resiliency; develop and implement controls.
- Increase Business Value: connect with customers; integrate with partners; empower employees.
The slide diagram plots Risk Level (Impact to Business against Probability of Attack) on one side and ROI on the other, with "Connected" and "Productive" as the business outcomes.

Business Challenges Requiring Security Solutions
- eCommerce: Electronic Contract Signing; Non-Repudiation; Digital Rights Management
- Compliance with Regulation: Basel II; Data Protection Regulation; E-Commerce Regulation (eSignature, eProcurement, eInvoice, ...)
- Collaboration & Communication: Confidentiality; Authentication; Availability; Secure Extranet
- Mobile Workforce: Remote Access, VPN; Wireless LAN; Protect Laptop; Single-Sign-On

What about security and Microsoft technology?
- How much should you trust any technology, any business process and operations?
- There is a need for an adequate risk management process.
- Risk mitigation projects are to be championed by management.
- What is Microsoft's track record in security, and what are its perspectives?
- Analyze how those could impact your own critical business.

Quality & Engineering Excellence. [Chart: number of "Critical" & "Important" security bulletins plotted against days after availability; the values 36 and 6 appear on the chart.]

Common Criteria Certification. Microsoft will certify all eligible products where a stable Protection Profile is available and there is demonstrated customer need.
- Windows Server 2000, Windows 2000 & Windows 2000 Certificate Server: Certified EAL4+
- ISA: Certified EAL2
- Windows Server 2003, Windows XP, ISA 2004: In evaluation
- SQL Server, Exchange: In planning

Components of Risk Assessment
- Asset: What are you trying to assess?
- Threat: What are you afraid of happening?
- Impact (Asset + Threat): What is the impact to the business?
- Vulnerability: How could the threat occur?
- Mitigation: What is currently reducing the risk?
- Probability (Vulnerability + Mitigation): How likely is the threat given the controls?
Current Level of Risk: What is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?
Operating Principles: Mission and Vision; Risk Based Decision Model; Tactical Prioritization.

"Economic impact" of a security incident? A business exercise, not a professional one. It is related to asset identification and valuation, and the impact should include various cost elements:
- Loss of opportunity
- Reputation impact
- Replacement costs
- The value of integrity, availability and confidentiality of information
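As an added illustration (not part of the presentation and not a Microsoft methodology), the two slides above expressed as a small Python model: Asset + Threat give the Impact, Vulnerability + Mitigation give the Probability that the threat overcomes the controls, and Probability times Impact is the current level of risk used for tactical prioritization. The 0..1 scales for likelihood and control effectiveness, the assumption that probability is reduced linearly by control effectiveness, and every monetary figure in the sample register are constructed assumptions for the example.

```python
"""Worked risk-assessment model for the slides' components.

Asset + Threat -> Impact, Vulnerability + Mitigation -> Probability,
Probability x Impact -> current level of risk. All scales and sample
figures are constructed assumptions, not data from the presentation.
"""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Impact:
    """Economic impact of one incident, broken into the slide's cost elements.
    Monetary figures are constructed sample values (assume EUR)."""
    replacement_costs: float    # rebuilding systems, restoring data, incident handling
    lost_opportunity: float     # revenue missed while the service is unavailable
    reputation_impact: float    # customer churn, contractual penalties
    information_value: float    # value of the data's confidentiality, integrity, availability

    def total(self) -> float:
        return (self.replacement_costs + self.lost_opportunity
                + self.reputation_impact + self.information_value)


@dataclass(frozen=True)
class Scenario:
    asset: str                       # What are you trying to assess?
    threat: str                      # What are you afraid of happening?
    impact: Impact                   # What is the impact to the business?
    vulnerability_likelihood: float  # How could the threat occur? Assumed 0..1 chance of
                                     # success against the asset with no controls in place
    control_effectiveness: float     # What is currently reducing the risk? Assumed 0..1
                                     # fraction of attempts the existing controls stop

    def __post_init__(self) -> None:
        # Reject out-of-range scores early; a register with a likelihood of 1.5 is a data-entry error
        for name in ("vulnerability_likelihood", "control_effectiveness"):
            value = getattr(self, name)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{name} must be in [0, 1], got {value}")

    def probability(self) -> float:
        """How likely is the threat given the controls? (Vulnerability + Mitigation -> Probability)"""
        return self.vulnerability_likelihood * (1.0 - self.control_effectiveness)

    def current_risk(self) -> float:
        """Current level of risk as expected loss: probability the threat overcomes
        the controls, multiplied by the economic impact of the incident."""
        return round(self.probability() * self.impact.total(), 2)


def prioritize(scenarios: List[Scenario]) -> List[Scenario]:
    """Tactical prioritization: highest current risk first."""
    return sorted(scenarios, key=lambda s: s.current_risk(), reverse=True)


def risk_reduction(scenario: Scenario, new_control_effectiveness: float) -> float:
    """Expected-loss reduction from raising control effectiveness: the figure a
    mitigation project's cost is weighed against (the slides' ROI question)."""
    improved = Scenario(scenario.asset, scenario.threat, scenario.impact,
                        scenario.vulnerability_likelihood, new_control_effectiveness)
    return round(scenario.current_risk() - improved.current_risk(), 2)


# Constructed sample risk register (hypothetical assets, threats and figures)
SAMPLE_SCENARIOS = [
    Scenario("customer order database", "disclosure of customer records",
             Impact(replacement_costs=50_000, lost_opportunity=20_000,
                    reputation_impact=100_000, information_value=30_000),
             vulnerability_likelihood=0.5, control_effectiveness=0.25),
    Scenario("public web shop", "outage from denial of service",
             Impact(replacement_costs=10_000, lost_opportunity=60_000,
                    reputation_impact=20_000, information_value=0),
             vulnerability_likelihood=0.8, control_effectiveness=0.5),
    Scenario("laptop fleet", "theft of an unencrypted laptop",
             Impact(replacement_costs=2_000, lost_opportunity=0,
                    reputation_impact=40_000, information_value=8_000),
             vulnerability_likelihood=0.25, control_effectiveness=0.0),
]

if __name__ == "__main__":
    for s in prioritize(SAMPLE_SCENARIOS):
        print(f"{s.current_risk():>12,.2f}  p={s.probability():.3f}  {s.asset}: {s.threat}")
    # Value of a hypothetical laptop-encryption project that stops 80% of theft-related losses
    print("laptop encryption saves:", risk_reduction(SAMPLE_SCENARIOS[2], 0.8))
```

Running the register ranks the customer database first (75,000 expected loss), the web shop second (36,000) and the laptop fleet last (12,500); raising laptop control effectiveness to 0.8 cuts that last figure by 10,000, which is the number to set against the project's cost when management decides whether to champion it.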

A complexity issue. Systems and processes keep growing in complexity, as does the number of involved stakeholders, who include business decision makers (BDM). Alignment is required between TDM and BDM on:
- Security requirements driven by enterprise requirements
- Security solutions fit for enterprise processes
- Investment in information security aligned with the enterprise strategy and the agreed-upon risk profile

Resources: General; Consumers; Security Guidance Center; Tools; How Microsoft IT Secures Microsoft; E-Learning Clinics; Events and Webcasts.

Security Mobilization Initiative. Security = People, Processes & Technology. Training & Offerings: Security Partners; CTECs; Microsoft Events; Tools; Security Guidance Kit.

Next Events
- TechNet Evening: Application & Data Security, 17, 18, 19 May
- Active Directory Security, June 3rd, John Craddock
- MSDN Evening Chapter, June 3rd, SharePoint Development
- TechNet Evening: Advanced Client & Server Security, 22, 23, 24 June