Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security as a Business Enabler Panos Dimitriou, MSc InfoSec, CISSP,CISM Director, Managed Security Services 2007.

Similar presentations


Presentation on theme: "Information Security as a Business Enabler Panos Dimitriou, MSc InfoSec, CISSP,CISM Director, Managed Security Services 2007."— Presentation transcript:

1 Information Security as a Business Enabler Panos Dimitriou, MSc InfoSec, CISSP,CISM Director, Managed Security Services 2007

2 Agenda  “Visualizing” Information Security  Information Security as a Business Enabler...Case Studies –e-Banking/Business Authentication –Identity & Access Management –Remote Access –Outsourcing  …Epilogue

3 “Visualizing” Information Security You are here Information Security

4 Case Studies

5 Internet Banking and more  Banks approach Internet Banking as a Strategic Alternative Channel –Cost reduction –Customer Reach –Bear necessity  The first approach was to secure their side (the Bank’s side) and leave the customer’s side as “easy” as possible (i.e. username & passwords)  However, after a series of incidents they realised that in order to keep and extend their e-customer reach they had to secure also the “client side”

6 Internet Banking and more  Currently Banks give “One Time Passwords” Authentication Tokens –Customers are willing to pay for them! –Customers are being less reluctant to jump on the Internet Banking bandwagon  Some Banks are going a step further and they provide both the good-old “ease of use” (username & passwords) without the good-old risks, by leveraging: –Login Risk Analytics and back-end Fraud Management engines and thus making the best of both worlds!

7 Identity & Access Management  Companies are leveraging ITC and they are expanding, streamlining and optimising their business operations and functions  However, as they expand at the same time they get with –numerous persons to manage and even more user accounts –More applications –More complexity  So, –It takes them a long time to get new starters productive –They have to utilise valuable IT resources to manage accounts and passwords, when they could have been used in expanding your IT capabilities –It’s more difficult to ensure a secure operating environment –…

8 Identity & Access Management Who are your users? User Name: Password: x  What do your users have access to? X What are they doing with their access? Who approved their access? Lifecycle management of employees Extend the reach to partners, customers, vendors Audit & compliance

9 Identity & Access Management

10  By using an IAM system they –Streamline and automate the user provisioning process –Reduce costs from Less help desk calls for trivial tasks (password resets) Less IT personnel is required for trivial tasks (provisioning) or for resource-intensive ones (Compliance) –Enhance User Productivity –Are able to allocate their IT personnel to tasks that really matter –Achieve Business Agility More services to more people M&As with less risks and less time

11 Remote Access  Companies need to provide Remote Access to their IT and Information resources in order to: –Support their “road warriors” (Sales teams…) –Resolve technical issues 24/7 in the minimum time possible –Reduce cost from “onsite visits” from third-party service providers –Support their teleworkers –…  However, when they are thinking about the risks they are bit reluctant to give such access  So, they usually: –Minimize services available –Introduce cumbersome manual processes Or in other words they lose half of the benefits but not reducing the corresponding risks accordingly

12 Remote Access  Advanced RAS Infrastructures can address all the concerns: –Ensure authorised access to only the resources allowed –Ensure complete auditability of authorised users actions on systems and data –Ensure critical data containment –…  And thus allow companies to provide the entire range of required services –Quickly, in a standardized fashion, securely –And get the full potential of RAS

13 Outsourcing  Outsourcing is a main trend for modern enterprises –Collection Agencies –Call Centers –Printing Houses –Software Development –IT Operations –…  However, just as in the case of RAS, when companies are thinking about the security risks and the corresponding regulatory compliance they get more reluctant to follow the trend

14 Outsourcing  Leading International companies are currently using Data Leak Prevention systems to achieve Accountability & Control on Outsourcers and corresponding data access and processes

15 Epilogue  We have to approach Information Security as a Business Enabler  We have to see Info Sec as the “railing” at our balcony that enable us to go (our company) to the edge  …without being at risk of getting “crashed” by the smallest wrong step

16 Epilogue Security Ease-of-use, Flexibility… Cost

17 www.encodegroup.com _


Download ppt "Information Security as a Business Enabler Panos Dimitriou, MSc InfoSec, CISSP,CISM Director, Managed Security Services 2007."

Similar presentations


Ads by Google