Published by Bethanie Moore. Modified over 9 years ago.

Enterprise Computing Community June 13 - 15, 2010 February 27, 2010

Information Security Industry View
Linda Betz
IBM Director IT Policy and Information Security

Agenda
Challenges in Enterprise IT Security Today
Options to address IT security challenges

As the risks expand and the cost of associated losses increases, data protection is top of mind

Primary cause of data breach*
– Lost laptop or other device: 49%
– Undisclosed: 2%
– Malicious code: 4%
– Hacked systems: 5%
– Electronic backup: 7%
– Malicious insider: 9%
– Paper records: 9%
– Third party or outsourcer: 16%
*Ponemon Institute, LLC; 2007 Annual Study: U.S. Cost of a Data Breach

“Security is evolving from the traditional, perimeter-centric model of protecting infrastructure to a data-centric model that protects information”
“…according to Gartner, insider threats are responsible for about 70% of security breaches”
Pervasive Security in a Connected World, Wachovia, April 2007

Gartner estimates a breach of customer information can cost a company from $50 to $1,000 per customer record depending on the number of accounts impacted.
Typical costs include:
– Brand reputation
– Lost customers
– Loss of revenue
– Litigation and regulatory fines drive the numbers even higher
– Audit fees
– Call center expenses
– Notification costs

Challenges of Enterprise Security Today
Global Employees
– Creating infrastructure to provide folks access to data, but controlling access to key data
– Wanting to work from anywhere on any device
– Blurring of lines between personal and business activities
– Global resourcing
Financial challenges & Global competition
Global business partners
– Allowing controlled access to data by 3rd parties
Concern about protecting client data, company intellectual property, & regulated data
Worldwide regulations about handling data
– Cross-border data flow, personal information, government data
Enabling business
Increased sophistication of hackers

IBM’s Global Operations – A Challenge to secure
[Figure: map of IBM global operations. Legend: Major Employee Sites, Customer Fulfillment, Manufacturing, Employee Service Centers, IBM Research Centers, IBM Internal Data Centers]
400,000 employees
Approx. 200,000 contractors
$102 B revenue in 2009

Variety of options to address security challenges
Risk Assessments
– Communication mechanism
– Prioritization
– Acceptance of residual risk
Policies
– Centralized or Decentralized
– IT, employee, 3rd party
Technical Solutions
– Layers of defense
– Preventative (ex: DLP)
– Educational (ex: DLP)
Compliance Programs
– Self testing
– Internal audit
– External audit
– Tools to automatically test
Security Awareness & Training
Crisis Management Program
– Ability to move work
– Loss of customer data
– Loss of regulated data
Penetration testing

IBM IT Security Transformations
[Figure: timeline from 2000 to 2012 (2000, 2002, 2004, 2006, 2008, 2010, 2012), labelled "Scope of Protection". Labels: Network Security Architecture, Threat Evaluation, Incident Mgt., Malware Mitigation, Identity Mgt & Use, What We Sell, Application Vulnerability Scanning, SPI Protection]

CIO IT security directives
Corporate Instruction: “Information Technology Security”
– Infrastructure security standards
– Employee security standards
– Third-party security and privacy standards
Vital business process standard
Data classification standard

Security takes a team
Chief information security officer
Physical security
Chief privacy officer
Chief risk officer
Procurement
Legal
Marketing
Human resources
Corporate audit
Third parties and vendors

Defense in Depth for Blended Threat mitigation
[Figure: layered defense diagram. Labels: Personal Firewall; HIPS; System Policy, Processes, Procedures; Local Network Connections and Firewalls; Campus IPS; Email Server Antivirus; Email Gateway Antivirus; WAN Firewall; Router ACLs; Internet Gateway IPS; Infrastructure Policy, Processes, Procedures; Antivirus; System Configuration; Current, Consistent, Compliant]

Risk Assessment Approach
[Figure: risk matrix. Axes: Likelihood of Event Occurring (in next 12 months) and Impact of Event. Scale labels: Unlikely, Possible, Likely; Low, Medium, High. Regions: Highest Risk Exposure, Lowest Risk Exposure. Plotted items: A, B, C]
Impact of Event
– Loss of revenue
– Increased cost
– Brand reputation negative impact
– Loss of assets
– Loss of use of infrastructure
Likelihood of Event
– How likely is the event in the next 12 months.

Workstation security tool
Scans for security compliance of all Microsoft® Windows® and Linux® end user PCs
– Hard drive password
– Screen lock
– Encrypted databases
– Anti-virus with automatic updates
– Firewall configuration
– Limit peer-to-peer file sharing
– Password rules
– Windows service pack level

Employee Education
Security and data protection must always be top-of-mind.
Reminders and tips shared with entire workforce.
Corporate-wide messaging created umbrella for unit- and geo-specific initiatives.

Thanks!
Linda Betz
Director, IBM IT Policy and Information Security
lnbetz@us.ibm.com

Trademarks and notes
IBM and the IBM logo are registered trademarks, and other company, product or service names may be trademarks or service marks of International Business Machines Corporation in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product or service names may be trademarks or service marks of others.
References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.