Published by Berniece Avis Leonard. Modified over 9 years ago.
1
Symantec Security Program Assessment and the Symantec Security Management Model
2
IT Security used to be much simpler
- A single team addressed the problems
- Incident management was centered around the security team
- Security devices were owned and operated by the security team
- Software was just anti-virus
Security Management and Measurement Programs
3
IT Security Now
- Less Redundancy: As organizations run faster and leaner, security budgets are under pressure.
- Outsourcing: 81% of firms outsource up to 50% of their IT functions.
- Distributed Control: Security requires software and hardware all throughout the IT environment.
Culpepper Compensation Survey, 2007
4
Three questions you need to answer.
- What is your guide to a complete program to address all your firm’s needs?
- How do you ensure that your business partners and outsourcers don’t leave you exposed?
- What helps you determine the correct amount of effort to spend on the different areas of security at your firm?
5
Symantec Security Management Model
What is the model?
The Symantec Security Management Model was developed as a graphical tool to facilitate wide-ranging discussions about our customers’ information security programs.
The Model examines security from three perspectives:
- People: “Strategic”
- Process: “Operational”
- Technology: “Tactical”
...across seven core areas:
- Security Strategy
- Security Organization
- Secure Operations
- Business Continuity
- Network & System Security
- Application Security
- Data Security
6
Symantec Security Management Model
What does the model look like?
7
Symantec Security Management Model
How do our clients use the model?
- In order to ensure that all security responsibilities are clearly understood throughout the enterprise
- To determine the maturity of their security programs
- Identifying areas of strength and opportunities for improvement
- Addressing areas of excess security expenditure
Customer driven
We developed this service to meet our clients’ need for a systematic, scalable and repeatable process to assess the maturity of their IT Security activities which could be easily communicated to executive management.
8
What is the Security Program Assessment?
Consultative engagement intended to:
- Evaluate the maturity of a security program against the framework
- Identify the desired state of security capabilities
- Prioritize roadmap for achieving information security goals
Utilizing a well-defined methodology that engages:
- Senior Management
- Business Stakeholders
- Technical Owners
Conducted in a series of:
- Interviews
- Risk Workshops
- Documentation Review
Typical engagement:
- 3 weeks offsite planning
- 3-4 weeks onsite delivery
9
What is the Security Program Assessment?
10
What are the results of the Security Program Assessment?
- Detailed Analysis
  - Covering all 42 elements of the framework
- Defined Capability Maturity Model
  - Five Levels of evaluation
  - Focused on each element
  - Detailed subcategories
- Heat Map of the Core Areas
  - Current State
  - Desired State
- Executive Summary
  - Capability Maturity Model Rating
  - Prioritized Action Plan
14
Who’s using the Security Program Assessment?
Industry | Services Results
Financial Services | Conducted Maturity Assessments of Information Security Program in order to measure improvements in capability over the past eighteen months
Insurance | Utilized the Symantec Security Management Model to compare and contrast anticipated program improvements to be gained from key security initiatives
Retail | Conducted Maturity Assessments of core and subsidiary business units to align program objectives. Modeled future program initiatives using the model
Government | Used the model as a framework to establish IT Security Program and to communicate and collaborate on security initiatives across multiple, autonomous divisions
15
What are people saying about the Security Program Assessment?
“[The service] which highlights numerous security postures and attributes a risk level to each one, gives us a snapshot of where we are. It really provides a comprehensive picture of each of the different pieces to the larger security landscape. Not only do I find it useful, but I've shown it to the audit committee and to other executives to explain our current security state and our direction over the next year.”
Dave Cullinane, CISO, eBay Marketplaces
CIO Digest Magazine, October 2007
16
Symantec Services Portfolio
Symantec Global Services offers deep technical knowledge and expert resources to protect and manage your information-driven world
Consulting
- Advisory Services
- Product Enablement Services
- Residency Services
Hosted Services
- DeepSight Early Warning Services
- Symantec Protection Network
- MessageLabs
Managed & Hosted Services / Enterprise Support / Professional Services
Enterprise Support
- Business Critical Services
- Essential Support
- Basic Maintenance
Education
- Technical Training
- Custom Learning Services
Managed Services
- Managed Security Services
- Managed Backup Services
17
Symantec Services Portfolio: Consulting Services
Data Centre Transformation; Data Center Strategy and Planning; Standardization services; Green IT Assessment; Future State Architecture; IT Service Management
Security Strategic Services (e.g., Security Program Assessment); Secure Application Services; Secure Infrastructure Services; Operations Services (e.g., Security Policy / Program); Compliance Services
Advisory Services; Product Enablement; Residency Services
Representative Products: SEP, Altiris, EV, Control Compliance Suite, Vontu, Veritas Storage Foundation, NetBackup, PureDisk
Solution Domains: Security; Information Risk and Compliance; Storage; Infrastructure Operations; Business Continuity
Services: Executive/Strategic advisory; Operations management Services; Assessment, Design, Transform & Operate; Upgrades / Solution Reviews; Integration Services; Health-checks
18
Symantec Services Portfolio: Managed Services
Symantec’s Global Intelligence Network
- Database of 25,000+ Vulnerabilities
- Attack Quarantine System (Honeypot)
- 40,000 registered sensors in 200+ countries
- 120 million threat/virus submission systems
- 2,000,000 decoy accounts in the Symantec Probe Network
- 200,000 Malicious Code Submissions per month
Deepsight Global Intelligence Services
- Threat Management System
- Alert Services
- Recent Introductions: Deepsight Datafeeds v3.0
Managed Security Services / Early Warning Services / Managed Backup Services
Core Services
- Security Monitoring
- Security Management
- Vulnerability Assessment Services
- Vulnerability Data Integration
Recent Introductions
- Managed Threat Analysis
- Gold Firewall Monitoring
- Bundled IDP Solution
- Bot-aware network detection
- Traffic Anomaly Detection
- Security Device Virtualisation
Future Planned Offerings
- Log Management Service (Nov 2008)
- Managed Endpoint (Jan 2009)
Service Features
- 24 x 7 x 365 proactive management of backup environment
- SLAs backed by penalties
- Local account management
- Daily status reports of SLAs
- Regular monthly service reviews
- Fixed monthly fee
Delivery Model
- “Best shoring” model, using local administrators and service delivery managers + remote 24x7 operations
- Standard transition plan and methodology
19
What are the Next Steps to move forward?
Account Team can provide additional information:
- Security Program Assessment Datasheet
- Sample Statement of Work
- Sample Final Deliverable
Share the webcast on Building Confidence in Enterprise Security: http://www.symantec.com/business/theme.jsp?themeid=building_confidence
Schedule a discussion with an Enterprise Security Practice expert to:
- Provide a detailed overview of the Security Program Assessment
- Begin scoping a Security Program Assessment or to determine how to put the Symantec Security Management Model to work for you
20
QUESTIONS & ANSWERS
21
Thank You!
Copyright © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.