Presentation is loading. Please wait.

Presentation is loading. Please wait.

1©2012 Check Point Software Technologies Ltd. Squashing Politics with Policy.

Published byAugustus Whitehead Modified over 9 years ago

Similar presentations

Presentation on theme: "1©2012 Check Point Software Technologies Ltd. Squashing Politics with Policy."— Presentation transcript:

1 1©2012 Check Point Software Technologies Ltd. Squashing Politics with Policy

2 2©2012 Check Point Software Technologies Ltd. Agenda 1 1 Challenges Foundation for acceptable security 2 2 Why it helps 3 3 Questions / Discussion 4 4 [Restricted] ONLY for designated groups and individuals

3 3©2012 Check Point Software Technologies Ltd. Why do we need security controls?  Protect company and client sensitive information  Protect company image  Save the company money  Protect critical applications that make your company money  Protect critical applications that provide services to the public

4 4©2012 Check Point Software Technologies Ltd. Agenda 1 1 Challenges 2 2 Why it helps 3 3 Questions / Discussion 4 4 Foundation for acceptable security

5 5©2012 Check Point Software Technologies Ltd. Challenges with implementing security  Users don’t like change  Users don’t like the idea of freedoms being taken away  Users can feel accused if they are told they are doing something insecure  Security controls can break applications or functions in your IT infrastructure  Security requirements can slow down projects

6 6©2012 Check Point Software Technologies Ltd. Agenda 1 1 Challenges Foundation for acceptable security 2 2 Why it helps 3 3 Questions / Discussion 4 4

7 7©2012 Check Point Software Technologies Ltd. Foundation for acceptable security Develop your Security Policy Develop Standard Operating Procedures Develop Implementation and Test Plans Develop an Approval Process for Policy Exceptions Develop Procedure for Post Mortem and Root Cause Analysis

8 8©2012 Check Point Software Technologies Ltd. Foundation for acceptable security Develop your security policy  SHOULD BE THE FOUNDATION OF SECURITY IN YOUR ORGANIZATION  Get this vetted by appropriate parties to be distributed and signed by everyone in your organization –HR (Especially for web content filtering!!) –Management –CIO, CISO, CTO, Director, etc.  Policy violations must have consequences

9 9©2012 Check Point Software Technologies Ltd. From Scratch?!?!...I don’t have time!  Plenty of free resources  sans.org/security-resources/

10 10©2012 Check Point Software Technologies Ltd. Foundation for acceptable security Develop an approval process for policy exceptions  When exceptions must be made to the policy –Communicate the risk –Keep a record of someone ELSE accepting the risk. –Someone in your direct chain of reports or someone designated to accept risk (like a compliance dept.) –Document the exception

11 11©2012 Check Point Software Technologies Ltd. Foundation for acceptable security Develop Standard Operating Procedures  Things that you do on a daily basis for Due Diligence  These practices are usually more specific to your group within the company  SOPs will change as security threat landscape evolves  Get this vetted and signed by your manager

12 12©2012 Check Point Software Technologies Ltd. Foundation for acceptable security  A thorough test plan will increase the probability of a successful deployment thus increasing user acceptance  Require testing of critical business applications or functions –By business units responsible for such applications  Always include a rollback plan and time to execute the rollback plan Develop implementation and test plans

13 13©2012 Check Point Software Technologies Ltd. Foundation for acceptable security  Doing this will: –Keep relevant facts of significant outages (Audit, Manager’s report, etc.) –Avoid misdiagnosis and discourage those from doing it in the future Develop Procedure for Post Mortem and Root Cause Analysis

14 14©2012 Check Point Software Technologies Ltd. Agenda 1 1 Challenges Foundation for acceptable security 2 2 Why it helps 3 3 Questions / Discussion 4 4

15 15©2012 Check Point Software Technologies Ltd. Why it helps Increase user acceptance of security Increase confidence in security controls Increase user security awareness Minimize impact of implementing controls Will breed a professional and happy work environment with more unity among teams

16 16©2012 Check Point Software Technologies Ltd. Agenda 1 1 Challenges Foundation for acceptable security 2 2 Why it helps 3 3 Questions / Discussion 4 4

17 17©2012 Check Point Software Technologies Ltd. Questions?

Download ppt "1©2012 Check Point Software Technologies Ltd. Squashing Politics with Policy."

Similar presentations

Security+ All-In-One Edition Chapter 17 – Risk Management

Security+ All-In-One Edition Chapter 17 – Risk Management
[Organisation’s Title] Environmental Management System

[Organisation’s Title] Environmental Management System
Environmental Management System (EMS)

Environmental Management System (EMS)
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems.

Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Introducing an environment for change and innovation into your recruitment business.

Introducing an environment for change and innovation into your recruitment business.
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
Tomas Pivoras - EMS experience1 Environmental management systems – experience from Lithuania Tomas Pivoras Kaunas University of Technology.

Tomas Pivoras - EMS experience1 Environmental management systems – experience from Lithuania Tomas Pivoras Kaunas University of Technology.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
DNS Arrow Virtualisation and the business opportunity it presents. Steve Pearce Managing Director.

DNS Arrow Virtualisation and the business opportunity it presents. Steve Pearce Managing Director.
The 10 Deadly Sins of Information Security Management

The 10 Deadly Sins of Information Security Management
SOX & ISO 27001 Protect your data and be ready to be audited!!!

SOX & ISO Protect your data and be ready to be audited!!!
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.

The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.
Personal Integrity Excellence Service Before Self RelationshipsJoy Safety Always Foundation: Our Core Values.

Personal Integrity Excellence Service Before Self RelationshipsJoy Safety Always Foundation: Our Core Values.
Slide 1 Test Assurance – Ensuring Stakeholders get What They Want Paul Gerrard Gerrard Consulting PO Box 347 Maidenhead Berkshire SL6 2GU UK e:

Slide 1 Test Assurance – Ensuring Stakeholders get What They Want Paul Gerrard Gerrard Consulting PO Box 347 Maidenhead Berkshire SL6 2GU UK e:
Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.

Telenet for Business Mobile & Security? Brice Mees Security Services Operations Manager.
Information Asset Classification

Information Asset Classification
Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Compliance System Validation - An Audit Based Approach December 2012 Uday Gulvadi, CPA, CIA, CISA, CAMS Director - Internal Audit, Risk and Compliance.

Similar presentations

Ads by Google