Published by Callie Hollinger
Modified about 1 year ago
© QinetiQ North America, Inc.
Implementing an Enterprise Security Framework – Safeguarding Your Most Important Assets
Ernest Doring
QinetiQ-North America
September 2010
Several factors make information security a growing concern for today’s organizations …
Increased Automation: With significant reductions in the size of government, organizations are increasingly conducting business processes through network-based information environments. More critical information is being put on-line and is potentially exposed to greater risk.
Increased network vulnerability: IT environments in many organizations are evolving into relatively open architectures. This potentially simplifies an attacker’s problem and increases system vulnerability.
Increased cyber threat: Burgeoning technology has given rise to a new generation of computer intruders possessing a wide array of advanced intrusion tools which can inflict damage to a degree that formerly was the exclusive purview of nations. This means more chances for unauthorized users to successfully attack your systems.
… Add to that the Demands on IT & Security …
Increasing Demands on IT and Security:
Increased Competitive Pressures
Better Efficiency and Consistency
Increased Demand from Stakeholders
More Regulations
Eliminate Redundancy
Increase Transparency and Accountability
… Resulting in Organizations Asking the Following Questions
Are our information security initiatives aligned with our business needs?
Are our customers’ and business partners’ information security initiatives and requirements compliant and compatible with ours?
Are our information security practices providing adequate assurance to meet regulation or compliance requirements?
Are we perceived as a responsive organization meeting the needs of our stakeholders, our customers, and trading partners?
Do our information security controls align with industry-related and internationally accepted guidelines?
Are we aware of our security risks and are they being effectively managed?
Are we measuring the effectiveness of our information security investments?
… But There is No Silver Bullet Solution
[Diagram labels: SECURE SYSTEMS; PROCESS; TECHNOLOGY; PEOPLE; Systems Expert Security Expert Systems IA Expert]
… So What Can Be Done? … Enterprise Security Framework
Framework leads to an effective and efficient means to evaluate, design, implement, and sustain your security program
Enterprise Security Framework Benefits
Provides increased efficiency and economy of security throughout the organization
Provides the ability to ensure centralized enforcement and oversight and decentralized management
The central level element helps to coordinate and manage use of limited security-related resources throughout the organization
Ensures that mechanisms are in place to provide coordination and unity of action between the central and the system level components
Ensures appropriate and cost-effective security for each system
Together, the multilevel components of an enterprise-wide IT security program will protect an organization’s valuable information resources