Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Published byLucy Short Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual."— Presentation transcript:

1 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. AT&T Security Consulting Services

2 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 2 AT&T Security Consulting Practice Towers Protecting business assets Governance, Risk & Compliance Payment Card Industry Solutions Secure Infrastructure Services Vulnerability & Threat Management Security Strategy & Roadmap Application Security Services

3 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. Protecting business assets & enhancing enterprise Governance AT&T Security Consulting Practice Towers Security Strategy & Roadmap Advisory and development services providing programmatic frameworks for operational alignment, advanced technology deployments (mobility and cloud) and a life cycle approach to security and risk management. Governance, Risk & Compliance Security assessment services addressing regulatory requirements and/or industry standards, as well as security program development with an emphasis on usable frameworks for policy and security management aligned with the adoption of emerging technologies such as mobility, cloud. Payment Card Industry Solutions A range of comprehensive PCI compliance services that objectively help achieve and maintain PCI compliance including PCI assessments, readiness assessments, remediation assistance, and other related solutions. Vulnerability & Threat Management Services designed to provide an independent baseline and validation of the overall security posture from within or outside of the enterprise. Application Security Services Strategic and tactical security services focused on the applications supporting critical business processes such as mobile, web based. Includes technical assessments, secure development life cycle reviews and program management consulting. Secure Infrastructure Services A suite of life cycle offerings aligned with planning, architecting, integrating, and optimizing a secure network and infrastructure aligned with business and security goals. 3

4 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 4 Security Strategy & Roadmap Strategy Development Security Roadmap Develop a comprehensive information security framework that can address the organization’s requirements for information protection, incident prevention, detection and response based on the organization’s risk and alignment with industry best practice frameworks Develop customized roadmap with detailed project plans, identifying ownership, timelines and resource allocation for the effective implementation of the security strategies An advisory service to assist with the development of comprehensive information security strategies that are effective, manageable and offering maximum return on your security investments while addressing any emerging threats/risks specific to your business operations.

5 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 5 Governance, Risk & Compliance Mobility and Cloud Security Risk Assessments Risk Analysis Remediation Roadmap Implementation FTC Mandated Assessments Security Assessments Initial & biennial Planning & Remediation Business Continuity Planning Business Impact Analysis Strategy & Plan Training & Testing Regulatory and Industry Standards-based Assessments HIPAA, HITECH, HITRUST GLBA State Privacy Law ISO 27001/2 Assessments & Certification Readiness Assessment Planning & Implementation Certification AT&T SureSeal Security Certified Trust & Assurance Security Assessment Remediation Roadmap End-to-end consulting and advisory services for Information Security, Governance, Risk Management, Compliance and Implementation of standards, regulatory, contractual and internal security requirements.

6 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 6 Payment Card Industry Service Offerings Annual Security Assessment Performed by QSAs on-site for Level 1 and Level 2 entities (i.e. merchants) Readiness Assessment Pre-assessment service that helps clients identify gaps prior to the actual assessment Remediation Services Work with our clients to close gaps between the PCI Data Security Standard requirements and their current state Vulnerability & Threat Management Design and implement programmatic controls and processes to maintain compliance throughout the year Approved Scanning Vendor (ASV) Payment Application Assessments For clients who develop and resell payment applications to more than one entity, we can perform assessments per requirements of PCI’s Payment Application Data Security Standard Qualified Forensic Investigator

7 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 7 Secure Infrastructure Services Firewall Assessment Services Implementation and administration Migration and consolidation Tuning (performance and compliance) Data Discovery & Data Loss Prevention Know where the data resides and traverses Preventing data escaping the organization Secure Network Architecture Planning, design and segmentation Configuration reviews Data center management Mobile Security / Cloud Computing Security Event Management (SEM/SIM/SIEM) Log consolidation, alerting and reporting Intrusion Detection / Prevention / NAC placement and tuning Networks have become complex and fragmented due to rapid growth and acquisitions. An enterprise-based network security approach can provide tangible reduction in TCO, and enable a business to be more agile and competitive.

8 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 8 Vulnerability and Threat Management Provides an independent baseline and validation of the organization’s security posture. AT&T Consulting can simulate real-world attacks to identify vulnerabilities in the network, evaluate risks, and develop remediation plans that are tailored to unique business requirements and security needs. Vulnerability Assessments Penetration Testing (aka Ethical Hacking) Scanning of the target infrastructure, establishing a baseline and making compliance easier by validating external posture Providing an overall security picture at a lower cost with repeatable exercises Periodically verifying assets are properly protected; evaluating recurring differentials and managing vulnerabilities Takes Vulnerability Assessment to the next level Manual testing and exploits, in addition to false positive reduction of automated results Taken from the perspective of a malicious external entity, or rogue internal resource Verifying that defense in depth and response capabilities are working as designed, along with security controls validation Required by many industry regulations and standards Vulnerability Management VoIP Penetration Testing Wi-Fi Penetration Testing War Dial Social Engineering Mobile Security Assessments Denial of Service based testing Virtualization Security Remote Access Assessment Breach/Incident Response Testing 8

9 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 9 Application Security Application Security Assessments Automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information – Web Based – Mobile Applications Application Security Program Management Application inventory, identification and assignment of risk classification, development of testing plans, management and execution of program Security Code Review Industry common practice and PCI requirement PCI DSS v1.2, section 6.3.7: Review of custom code prior to release to production or customers in order identify any potential coding vulnerability OWASP Orizon Code Review, and Top 10 PCI PA-QSA Application Security Assessment Visa & MasterCard encourage application development companies to certify their payment applications in accordance with the PCI Payment Application Best Practices program Applications that meet these standards can be listed on the Visa web site as PCI-approved payment applications The Application Security solution portfolio consists of tactical and strategic services to help organizations assess, manage, and reduce security risks arising from unsafe software development practices.

10 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 10 Helping our customers navigate complex IT Transformation Trusted Advisors Compliance & Risk Reduction Cost Performance Technology Strategy Revenue Growth Governance and Sourcing CIO Agenda Reduce CapEx/OpEx Consolidation Shared Services Rapidly introduce new services into production In deployments, upgrades, operations, and security Technology roadmap, refresh, migrations Process Frameworks & Sourcing Strategies © 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.

11 © 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners. 11

Download ppt "© 2014 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual."

Similar presentations

Life Science Services and Solutions

Life Science Services and Solutions
03-23-05 JUNE 2007 page 1 EDS Proprietary Applications Modernization Services Modernizing the Applications Portfolio.

JUNE 2007 page 1 EDS Proprietary Applications Modernization Services Modernizing the Applications Portfolio.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2013 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.

© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Security Services Svetlana.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
ISS IT Assessment Framework

ISS IT Assessment Framework
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.

Security Offering. Cyber Security Solutions 2 Assessment Analysis & Planning Design & Architecture Development & Implementation O&M Critical Infrastructure.
PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP

PCI's Changing Environment – “What You Need to Know & Why You Need To Know It.” Stephen Scott – PCI QSA, CISA, CISSP
Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.

Overview 4Core Technology Group, Inc. is a woman/ veteran owned full-service IT and Cyber Security firm based in Historic Petersburg, Virginia. Founded.
Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.

Click to add text © 2010 IBM Corporation OpenPages Solution Overview Mark Dinning Principal Solutions Consultant.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

Similar presentations

Ads by Google