Presentation is loading. Please wait.

Presentation is loading. Please wait.

People, Process and Technology Andy Papadopoulos.

Similar presentations


Presentation on theme: "People, Process and Technology Andy Papadopoulos."— Presentation transcript:

1 People, Process and Technology Andy Papadopoulos

2 Fighting Fraud Go after low hanging fruit – start with the most sensitive data and the areas where they are vulnerable - then work outwards Leverage existing investments in Microsoft technologies Implement Scorecards and Monitoring

3 More than 80% of enterprise's digitized information reside in individual hard drives and in personal files and 80% of the data is unstructured, not secure nor backed up. Individuals hold the key to the knowledge economy and most of it is lost when they leave the enterprise Employees get 50%-75% of their relevant information directly from other people Today’s Information Challenge Source: Gartner Group/CIBC World Markets

4 Confidentiality Ensure privacy of user information and transmission Integrity Ensure accuracy of data and data processing Availability Maximize functionality and uptime Trust Confidence to transact

5 Workplace Stats s per day (%)100+≥ Weighted Total Estimate the percentage increase in the past 12 months (2002-3) In your opinion, is communication at your workplace out of control? No Potentially Yes Should elimination of bad habits be a corporate responsibility? Yes No10639 Don’t know Christina Cavanagh Professor, Richard Ivey School of Business

6 Keeping it Confidential Don’t add layers …. Users won’t use them Take advantage of tools already in place with the interfaces they are already used to Information Rights Management

7

8

9

10 Collaboration and Control Wasted Time is a key ROI I know we did this before …. I can’t find it Intellectual Property Lessons learned leave with employees Leverage past experience Aging Work Force Losing that valuable experience

11 Common ‘problems’ with data Common agreed definitions (shared context) lacking Inconsistent definitions across applications Manual transformations and analysis Manual Audit Trails Poor Data Quality Poor Connectivity from applications to resources One Way Data Traffic (errors not corrected at the source)

12 What does FINE mean ? “Don’t worry everything is Fine” How do I get the validation I need Make use of dashboards and scorecards

13

14

15 Service Level Reporting

16 The Identity Lifecycle New User User ID Creation Credential Issuance Access Rights Account Changes Promotions Transfers New Privileges Attribute Changes Password Mgmt Strong Passwords “Lost” Password Password Reset Retire User Delete/Freeze Accounts Delete/Freeze Entitlements

17 Identity Business Impact 24% lower productivity End user spends 16 minutes a day logging in to various system Provisioning new users take 28 hours longer than business requirements Increased IT Operational Costs Roughly 48% of help desk calls are password resets ($45-$153 each) User management consumers 5.25% of all IT productivity Most admin tasks (moves, adds, changes) take 10x longer than necessary 23% additional security risks Only 70% of users deleted on departure New users provisioned to 16 apps, on departure deleted from 10 A survey of over 600 organizations concluded that the average cost impact of security breaches on each organization alone is over $972K* Source: Metagroup/PwC Survey 2002, * CSI/FBI Survey

18

19 It’s a Virtual World … The fine balance between keeping safe and allowing employees to do their jobs. Workforce is mobile Laptops are everywhere

20 Mobile Workforce Why We Need Quarantine

21 Internet and PC Usage Policy “I didn’t know I couldn’t sell stuff on ebay 4 hours a day ….” Put it in writing, keep it current, make it part of your HR process.

22 Microsoft Best Practice Tools Microsoft Baseline Security Analyzer Exchange Best Practice Analyzer SQL Best Practice Analyzer Validates that your installation and configuration are done to best practice guidelines

23 Microsoft Security Assessment Tool Free tool to drive security awareness around people, process and technology Download from:

24 A Layered Approach to Compliance Engages the entire business for success Allows for the allocation of controls outside of IT Legislation Policies Procedures Physical Controls Application Features Inherent System Capabilities

25 A Layered Approach to Security Policies, Procedures, & Awareness OS hardening, patch management, authentication Firewalls, VPN quarantine Guards, locks, tracking devices Network segments, Isolation Application hardening, antivirus Access controls- data encryption Documented Process and User Education ! Physical Security Perimeter Internal Network Desktop and Servers Applications Data

26 Discovery Session Offer Discovery Session Offer 1-2 day offer from Office Systems Team Makes use of scorecards and collaboration Show you how you can use tools to better communicate/collaborate/share Show accountability to stakeholders

27 Summary Leverage investments already made with Microsoft Technology Make use of scorecards and monitoring systems to ensure things really are FINE


Download ppt "People, Process and Technology Andy Papadopoulos."

Similar presentations


Ads by Google