Integrated Security Solutions Highland Technology Services Inc.
What security is and isn’t ● Security isn’t an appliance ● Security isn’t an afterthought ● Effective security requires a specific plan with specific goals and continued diligence ● Security isn’t a template. Needs are individual and can vary greatly ● Good security requires redundant controls on all fronts ● Security requires both technical and procedural components to be effective ● A security plan must be holistic, with each piece working in concert to provide the utmost security with the least amount of inconvenience ● Good security relies on implicit denial: if it isn’t explicitly needed, it is denied.
Barriers to Success ● It’s time consuming ● It’s resource intensive ● It’s complex ● But it’s necessary. And Highland can help…
How do you achieve Good Security? ● By creating a formal assessment to fully understand an organization’s needs ● By formulating a high-level policy from that assessment and creating specific achievable goals to reach the dictums of that policy ● By creating a stepwise implementation of solutions that effectively achieve the goals of an organization’s policy with the smallest inconvenience to users ● Must be living.
The “Integrated” in Integrated Security Solutions Integrated has two meanings: 1. Security should be integral to the way an organization does its business. Every process, procedure, policy and function should be assessed for and have a security component. 2. Each piece of an organization’s environment should be part of an integrated whole. Like pieces of a puzzle, unless they fit together, it isn’t a pretty picture. Keep in mind least privilege: understand what the organization’s mission needs, then design a secure way to meet those needs and deny everything else.
The “Security” in Integrated Security Solutions The operational security triple (CIA): ● Confidentiality ● Integrity ● Availability
The “Solution” in Integrated Security Solutions ● Security requires a deductive approach ● Solutions require an inductive approach ● Requires high-level participation ● Must address the organization as a whole ● Coordinated specific actions are taken to address needs and risk ● A fundamental part of the way you do business
Step 1: Assessing your Environment and needs ● Need/Risk Assessment ● Cost/Benefit Analysis ● Current state of affairs
Step 2: Security Policy ● An underlying theme ● Key personnel ● Start closed and move to open ● Each element of access should explain need ● High level standards policies and procedures ● Achievable timelines and goals ● Accepted risk ● Review and change management processes
Notorious mistakes ● Caught up in the newest technology: security is not an appliance ● Misconfiguration: a misconfigured firewall is a liability, not an asset ● Glaring holes: only as strong as the weakest link ● Piecemeal: inconsistent implementation, exceptions to the rule, un-interoperable components ● Disorganized ● Inconvenient ● Reactive
HTSI and Integrated Security Solutions ● Security is our business ● We’ve done this before and can demonstrate past performance ● Work with what an organization has got, to get them where you want to go ● Solution oriented
Take Home Message ● Security is not an afterthought ● A supported security policy ● Stepwise process to achieve the goals of that policy ● Managing to specific need ● Integrated proactive solution
Questions, Comments? Thank you Highland Technology Services Inc.