Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrated Security Solutions Highland Technology Services Inc.

Similar presentations


Presentation on theme: "Integrated Security Solutions Highland Technology Services Inc."— Presentation transcript:

1 Integrated Security Solutions Highland Technology Services Inc.

2 What security is and isn’t ● Security isn’t an appliance ● Security isn’t an afterthought ● Effective security requires a specific plan with specific goals and continued diligence ● Security isn’t a template. Needs are individual and can vary greatly ● Good security requires redundant controls on all fronts ● Security requires both technical and procedural components to be effective ● A security plan must be holistic with each piece working in concert to provide the utmost security with the least amount of inconvenience ● Good Security relies on implicit denial; If it isn’t explicitly needed it is denied.

3 Barriers to Success ● It’s time consuming ● It’s resource intensive ● It’s complex ● But it’s necessary And Highland can help…

4 How do you achieve Good Security? ● By creating a formal assessment to fully understand an organizations needs ● By formulating a high level policy from that assessment and creating specific achievable goals to reach dictums of that policy ● Create a stepwise implementation of solutions that effectively achieve the goals of an orgainzation’s policy with the smallest inconvenience to users ● Must be living.

5 The “Integrated” in Integrated Security Solutions Integrated has two meanings: 1. Security should be integral to the way an organization does its business. Every process, procedure, policy and function should be assessed for and have a security component. 2. Each piece of an organization’s environment should part of an integrated whole Like pieces of a puzzle, unless they fit together, it isn’t a pretty picture. Like pieces of a puzzle, unless they fit together, it isn’t a pretty picture. Keep in mind least privilege Understand what the organization mission needs then design a secure way to meet those needs and deny everything else. Understand what the organization mission needs then design a secure way to meet those needs and deny everything else.

6 The “Security” in Integrated Security Solutions The operational security triple(CIA): ● Confidentiality ● Integrity ● Availability

7 The “Solution” in Integrated Security Solutions ● Security requires a deductive approach ● Solutions require and inductive approach ● Requires high level participation ● Must address organization as a whole ● Coordinated specific actions are taken to address needs and risk ● A fundamental part of the way you do business

8 Step 1: Assessing your Environment and needs ● Need/Risk Assessment ● Cost/Benefit Analysis ● Current state of affairs

9 Step 2: Security Policy ● An underlying theme ● Key personnel ● Start closed and move to open ● Each element of access should explain need ● High level standards policies and procedures ● Achievable timelines and goals ● Accepted risk ● Review and change management processes

10 Step 3: Implementing Security measures ● Administrative controls  Standards, policies and procedures ● Technical controls  Access controls, Authentication and Authorization, encryption, redundancy ● Physical controls  Access controls, item destruction, HVAC

11 Step 4: Review ● Scheduled periodic review ● Change management ● Metrics ● Repeat

12 Notorious mistakes ● Caught up in the newest technology  Security is not an appliance ● Misconfiguration  A misconfigured firewall is a liability not an asset ● Glaring holes  Only as strong as the weakest link ● Piecemeal  Inconsistent implementation, exceptions to the rule, un- interoperable components ● Disorganized ● Inconvenient ● Reactive

13 HTSI and Integrated Security Solutions ● Security is our business ● We’ve done this before and can demonstrate past performance ● Work with what an organization got, to get them where you want to go ● Solution oriented

14 Take Home Message ● Security is not an afterthought ● A supported security policy ● Stepwise process to achieve the goals of that policy ● Managing to specific need ● Integrated proactive solution

15 Questions, Comments? Thank you Highland Technology Services Inc.


Download ppt "Integrated Security Solutions Highland Technology Services Inc."

Similar presentations


Ads by Google