Presentation is loading. Please wait.

Presentation is loading. Please wait.

Symantec Security Program Assessment and the Symantec Security Management Model.

Published byBerniece Avis Leonard Modified over 8 years ago

Similar presentations

Presentation on theme: "Symantec Security Program Assessment and the Symantec Security Management Model."— Presentation transcript:

1 Symantec Security Program Assessment and the Symantec Security Management Model

2 IT Security used to be much simpler A single team addressed the problems Incident management was centered around the security team Security devices were owned and operated by the security team Software was just anti- virus Security Management and Measurement Programs 2

3 Less Redundancy As organizations run faster and leaner, security budgets are under pressure. Less Redundancy As organizations run faster and leaner, security budgets are under pressure. IT Security Now Security Management and Measurement Programs 3 Outsourcing 81% of firms outsource up to 50% of their IT functions Outsourcing 81% of firms outsource up to 50% of their IT functions Distributed Control Security requires software and hardware all throughout the IT environment. Distributed Control Security requires software and hardware all throughout the IT environment. Culpepper Compensation Survey, 2007

4 What is your guide to a complete program to address all your firm’s needs? Three questions you need to answer. 4 How do you ensure that your business partners and outsourcers don’t leave you exposed? Security Management and Measurement Programs What helps you determine the correct amount of effort to spend on the different areas of security at your firm?

5 Symantec Security Management Model What is the model? The Symantec Security Management Model was developed as a graphical tool to facilitate wide-ranging discussions about our customer’s information security programs The Model examines security from three perspectives… People “Strategic” Process “Operational” Technology “Tactical” …across seven core areas: Security Strategy Security Organization Secure Operations Business Continuity Network & System Security Application Security Data Security 5 Security Management and Measurement Programs

6 6 Symantec Security Management Model What does the model look like? Security Management and Measurement Programs

7 Symantec Security Management Model How do our clients use the model? In order to ensure that all security responsibilities are clearly understood throughout the enterprise To determine the maturity of their security programs Identifying areas of strength and opportunities for improvement Addressing areas of excess security expenditure 7 Customer driven We developed this service to meet our clients’ need for a systematic, scalable and repeatable process to assess the maturity of their IT Security activities which could be easily communicated to executive management Security Management and Measurement Programs

8 8 Security Management and Measurement Programs What is the Security Program Assessment? Consultative engagement intended to: Evaluate the maturity for a security program against the framework Identify the desired state of security capabilities Prioritize roadmap for achieving information security goals Utilizing a well-defined methodology that engages: Senior Management Business Stakeholders Technical Owners Conducted in a series of: Interviews Risk Workshops Documentation Review Typical engagement 3 weeks offsite planning 3-4 weeks onsite delivery Security Management and Measurement Programs

9 9 Security Management and Measurement Programs What is the Security Program Assessment? Security Management and Measurement Programs

10 10 Security Management and Measurement Programs What are the results of the Security Program Assessment? Detailed Analysis Covering all 42 elements of the framework Defined Capability Maturity Model Five Levels of evaluation Focused on each element Detailed subcategories Heat Map of the Core Areas Current State Desired State Executive Summary Capability Maturity Model Rating Prioritized Action Plan Security Management and Measurement Programs

11 11 Security Management and Measurement Programs What are the results of the Security Program Assessment? Detailed Analysis Covering all 42 elements of the framework Defined Capability Maturity Model Five Levels of evaluation Focused on each element Detailed subcategories Heat Map of the Core Areas Current State Desired State Executive Summary Capability Maturity Model Rating Prioritized Action Plan Security Management and Measurement Programs

12 12 Security Management and Measurement Programs What are the results of the Security Program Assessment? Detailed Analysis Covering all 42 elements of the framework Defined Capability Maturity Model Five Levels of evaluation Focused on each element Detailed subcategories Heat Map of the Core Areas Current State Desired State Executive Summary Capability Maturity Model Rating Prioritized Action Plan Security Management and Measurement Programs

13 13 Security Management and Measurement Programs What are the results of the Security Program Assessment? Detailed Analysis Covering all 42 elements of the framework Defined Capability Maturity Model Five Levels of evaluation Focused on each element Detailed subcategories Heat Map of the Core Areas Current State Desired State Executive Summary Capability Maturity Model Rating Prioritized Action Plan Security Management and Measurement Programs

14 Security Management and Measurement Programs Who’s using the Security Program Assessment? 14 IndustryServices Results Financial Services Conducted Maturity Assessments of Information Security Program in order to measure improvements in capability over the past eighteen months Insurance Utilized the Symantec Security Management Model to compare and contrast anticipated program improvements to be gained from key security initiatives Retail Conducted Maturity Assessments of core and subsidiary business units to align program objectives Modeled future program initiatives using the model Government Used the model as a framework to establish IT Security Program and to communicate and collaborate on security initiatives across multiple, autonomous divisions Security Management and Measurement Programs

15 Security Management and Measurement Programs What are people saying about the Security Program Assessment? 15 [The service] which highlights numerous security postures and attributes a risk level to each one, gives us a snapshot of where we are. It really provides a comprehensive picture of each of the different pieces to the larger security landscape. Not only do I find it useful, but I've shown it to the audit committee and to other executives to explain our current security state and our direction over the next year. Dave Cullinane CISO, eBay Marketplaces CIO Digest Magazine, October 2007 Security Management and Measurement Programs

16 16 Symantec Services Portfolio Symantec Global Services offers deep technical knowledge and expert resources to protect and manage your information-driven world Consulting –Advisory Services –Product Enablement Services –Residency Services Hosted Services –DeepSight Early Warning Services –Symantec Protection Network –MessageLabs Managed & Hosted Services Enterprise Support Professional Services Enterprise Support –Business Critical Services –Essential Support –Basic Maintenance Education –Technical Training –Custom Learning Services Managed Services –Managed Security Services –Managed Backup Services Security Management and Measurement Programs

17 Symantec Services Portfolio Consulting Services Data Centre Transformation Data Center Strategy and Planning Standardization services Green IT Assessment Future State Architecture IT Service Management Security Strategic Services (e.g., Security Program Assessment) Secure Application Services Secure Infrastructure Services Operations Services (e.g., Security Policy / Program) Compliance Services Advisory Services Product Enablement Residency Services Representative Products SEP, Altiris EV, Control Compliance Suite, Vontu Veritas Storage Foundation NetBackup, PureDisk Solution Domains Security Information Risk and Compliance Storage Infrastructure Operations Business Continuity Services Executive/ Strategic advisory Operations management Services Assessment, Design, Transform & Operate Upgrades / Solution Reviews Integration Services Health-checks Security Management and Measurement Programs

18 Symantec Services Portfolio Managed Services Symantec’s Global Intelligence Network Database of 25,000+ Vulnerabilities Attack Quarantine System (Honeypot) 40,000 registered sensors in 200+ countries 120 million threat/virus submission systems 2,000,000 decoy accounts in the Symantec Probe Network 200,000 Malicious Code Submissions per month Deepsight Global Intelligence Services Threat Management System Alert Services Recent Introductions Deepsight Datafeeds v3.0 Managed Security Services Early Warning Services Managed Backup Services Core Services Security Monitoring Security Management Vulnerability Assessment Services Vulnerability Data Integration Recent Introductions Managed Threat Analysis Gold Firewall Monitoring Bundled IDP Solution Bot-aware network detection Traffic Anomaly Detection Security Device Virtualisation Future Planned Offerings Log Management Service (Nov 2008) Managed Endpoint (Jan 2009) Service Features 24 x 7 x 365 proactive management of backup environment SLAs backed by penalties Local account management Daily status reports of SLAs Regular monthly service reviews Fixed monthly fee Delivery Model “Best shoring” model, using local administrators and service deliver managers + remote 24x7 operations Standard transition plan and methodology Security Management and Measurement Programs

19 Security Management and Measurement Programs What are the Next Steps to move forward? Account Team can provide additional information: Security Program Assessment Datasheet Sample Statement of Work Sample Final Deliverable Share the webcast on Building Confidence in Enterprise Security http://www.symantec.com/business/theme.jsp?themeid=building_confidence Schedule a discussion with a Enterprise Security Practice expert to: Provide a detailed overview of the Security Program Assessment Begin scoping a Security Program Assessment or to determine how to put the Symantec Security Management Model to work for you Security Management and Maturity Programs 19

20 20 & ANSWERS QUESTIONS Security Management and Measurement Programs

21 Thank You! Copyright © 2009 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.

Download ppt "Symantec Security Program Assessment and the Symantec Security Management Model."

Similar presentations

IT Asset Management Status Update 02/15/2010. 2 Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.

IT Asset Management Status Update 02/15/ Agenda What is Asset Management and What It Is Not Scope of Asset Management Status of Key Efforts Associated.
Life Science Services and Solutions

Life Science Services and Solutions
Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’

Achieve Benefit from IT Projects. Aim This presentation is prepared to support and give a general overview of the ‘How to Achieve Benefits from IT Projects’
IT Analytics for Symantec Endpoint Protection

IT Analytics for Symantec Endpoint Protection
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.

Overview of Priorities and Activities: Shared Services Canada Presentation to the Information Technology Infrastructure Roundtable June 17, 2013 Liseanne.
Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.

Threat Intelligence Use in Information Security: History, Theory and Practice Tim Gallo Cyber Security Field Engineering 1.
1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing

1 Getting Beyond Standalone Antivirus to Advanced Threat Protection Eric Schwake Sr. Product Marketing
Enterprise Content Management Pre-Proposal Conference for RFP No. ISD2006ECM-SS December 6, 2006 California Administrative Office of the Courts Information.

Enterprise Content Management Pre-Proposal Conference for RFP No. ISD2006ECM-SS December 6, 2006 California Administrative Office of the Courts Information.
Backup Modernization with NetBackup Appliances

Backup Modernization with NetBackup Appliances
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.

The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
Program Management Overview (An Introduction)

Program Management Overview (An Introduction)
Symantec De-Duplication Solutions Complete Protection for your Information Driven Enterprise Richard Hobkirk Sr. Pre-Sales Consultant.

Symantec De-Duplication Solutions Complete Protection for your Information Driven Enterprise Richard Hobkirk Sr. Pre-Sales Consultant.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
ISS IT Assessment Framework

ISS IT Assessment Framework
Telecom Lifecycle Management Solutions for Sales Partners.

Telecom Lifecycle Management Solutions for Sales Partners.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
The Information Systems Audit Process

The Information Systems Audit Process
Практические аспекты аутсорсинга ИБ Алексей Чередниченко Ведущий консультант, Symantec Services Group 28 апреля 2009.

Практические аспекты аутсорсинга ИБ Алексей Чередниченко Ведущий консультант, Symantec Services Group 28 апреля 2009.

Similar presentations

Ads by Google