Microsoft Belgium Security Summit. Georges Ataya, Solvay Business School, ISACA Belux; Detlef Eckert, Microsoft EMEA.

1 Microsoft Belgium Security Summit
Georges Ataya, Solvay Business School, ISACA Belux
Detlef Eckert, Microsoft EMEA

2 Agenda
Introduction
How could you discuss security with the business people in your organisation?
What security solutions can help to grow the business?
What about security and Microsoft technology?
Risk Assessment: How to calculate the "economic impact" of a security incident?
Conclusions: Isn’t it all about complexity?

4 Introduction
The Security of Inclusion: “Enablement”
The Security of Exclusion: “Protection”
Source: PricewaterhouseCoopers LLP

5 Challenge to meet conflicting requirements
Security, Availability, Control, Functionality, Cost
Finding the Right Balance

7 Management responsibility
Security Objectives: “Protecting the interests of those relying on information, and the systems and communications that deliver the information, from harm resulting from failures of availability, confidentiality and integrity.”
Slide callouts: Business, Assets, Risks
Source: “IT Security Governance”, the IT Governance Institute (ITGI.org)

8 Security management activity
Policy Development
Roles and Responsibilities
Design
Implementation
Monitoring
Awareness, Training and Education
Source: the International Guidelines for Managing Risk of Information and Communications Statement #1: Managing Security of Information, issued by the International Federation of Accountants

9 Business enablers
New technology provides the potential for dramatically enhanced business performance. Information security can add real value to the organization by contributing to: interaction with trading partners, closer customer relationships, improved competitive advantage and protected reputation. It can also enable new and easier ways to process electronic transactions and generate trust.

10 Security Enabled Business
Reduce Security Risk: Assess the environment; Improve isolation & resiliency; Develop and implement controls
Increase Business Value: Connect with customers; Integrate with partners; Empower employees
Diagram labels: Risk Level, Impact to Business, Probability of Attack, ROI, Connected, Productive

12 Business Challenges Requiring Security Solutions
eCommerce: Electronic Contract Signing; Non-Repudiation; Digital Rights Management
Compliance with Regulation: Basel II; Data Protection Regulation; E-Commerce Regulation (eSignature, eProcurement, eInvoice, …)
Collaboration & Communication: Confidentiality; Authentication; Availability; Secure Extranet
Mobile Workforce: Remote Access, VPN; Wireless LAN; Protect Laptop; Single-Sign-On

14 What about security and Microsoft technology?
How much to trust any technology, any business process and operations?
Need for adequate risk management process
Risk mitigation projects to be championed by management
What is Microsoft’s track record in security and what are its perspectives
Analyze how those could impact own critical business?

15 Quality & Engineering Excellence [chart: number of “Critical” & “Important” security bulletins against days after availability; figures shown on the slide: 36 and 6]

16 Common Criteria Certification
Microsoft will certify all eligible products: Stable Protection Profile available; Demonstrated customer need
Windows Server 2000, Windows 2000 & Windows 2000 Certificate Server: Certified EAL4+
ISA: Certified EAL2
Windows Server 2003, Windows XP, ISA 2004: In evaluation
SQL Server, Exchange: In planning

18 Components of Risk Assessment
Asset + Threat = Impact
Vulnerability + Mitigation = Probability
Asset: What are you trying to assess?
Threat: What are you afraid of happening?
Impact: What is the impact to the business?
Vulnerability: How could the threat occur?
Mitigation: What is currently reducing the risk?
Probability: How likely is the threat given the controls?
Current Level of Risk: What is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?
Diagram labels: Operating Principles, Mission and Vision, Risk Based Decision Model, Tactical Prioritization

19 “Economic impact” of a security incident?
Business not a professional exercise
Related to asset identification and valuation
Impact should include various cost elements:
Loss of opportunity
Reputation impact
Replacement costs
The value of integrity, availability and confidentiality of information

21 A complexity issue
Continuous complexity of systems, processes and number of involved stakeholders
Stakeholders include business decision makers (BDM)
Alignment is required between TDB and BDM on:
Security requirements driven by enterprise requirements
Security solutions fit for enterprise processes
Investment in information security aligned with the enterprise strategy and agreed-upon risk profile

23 Resources
General: http://www.microsoft.com/security
Consumers: http://www.microsoft.com/protect
Security Guidance Center: http://www.microsoft.com/security/guidance
Tools: http://www.microsoft.com/technet/Security/tools
How Microsoft IT Secures Microsoft: http://www.microsoft.com/technet/itsolutions/msit
E-Learning Clinics: https://www.microsoftelearning.com/security
Events and Webcasts: http://www.microsoft.com/seminar/events/security.mspx

24 Security Mobilization Initiative
Security = People, Processes & Technology
http://www.microsoft.com/belux/nl/securitymobilization/default.mspx
Training & Offerings Security Partners CTEC’s Microsoft Events Tools Security Guidance Kit

25 Next Events
TechNet Evening: Application & Data Security 17, 18, 19 May
Active Directory Security June 3rd John Craddock
MSDN Evening Chapter June 3rd SharePoint Development
TechNet Evening: Advanced Client & Server Security 22, 23, 24 June
http://www.microsoft.com/belux/nl/securitymobilization/events.mspx

