Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?

Published byGodwin Russell Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?"— Presentation transcript:

1 Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level? What are the high-risk areas? How does risk compare to our security policy? Have we achieved an acceptable level of security? Are we compliant with our internal security policies? What are the areas of non- compliance? What resources do we have to allocate? How do we assign remediation tasks? How do we automate patch deployments? Maximizing Return on Security Investment

2 Configuration Management The rising number of vulnerabilities demands a review of the processes and resources needed to effectively deal with increased exposure -- Source: CERT Data. This rapid acceleration from vulnerability disclosure to widespread attacks represents today’s most critical network security risk

3 Business Continuity The integration of enterprise applications (ERP, SFA, Financials, Call Center, Help Desk, etc.) are creating complex business processes that require 24x7 availability These business processes rely on network devices within an infrastructure –Servers, routers, switches, etc. An attack on one network device can have ripple affects on a business process, shutting down services across a network, and crippling business continuity

4 4 Regulatory Compliance Many companies now face board-level inquiries into their security practices Scope of compliance is now a business and technology issue –Security programs must be developed, implemented and maintained –Identify and assess the risks threatening customer data –Generate timely, accurate and actionable information about their exposures Internal policies must be created, implemented and enforced –Identify which technologies, methods and people are most vulnerable –Have a consistent baseline of questions around standards, practices, configurations and vulnerabilities GLB

5 Host-level Threat Mitigation Configuration Management Remediation Management Asset Inventory Security Management Security Puzzle Security Policy Enforcement Security Snapshot Assessment Business Continuity Post-Attack Forensics Eliminate losses associated with events that can be identified and corrected Accurately identify and fix network-wide vulnerabilities expeditiously Ongoing, proactive network threat reduction Reduce manhours required to correct issues Executive level reporting / Verification of threat reduction process

Download ppt "Security Snapshot Assessment Maximizing Return on Security Investment What assets do we have? What is running on those assets? What is our risk level?"

Similar presentations

1 www.vita.virginia.gov IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1, 2013 www.vita.virginia.gov.

1 IT Risk Management in Government Jonathan Smith Sr. Risk Manager Commonwealth Security and Risk Management October 1,
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Www.QinetiQ-NA.com © QinetiQ North America, Inc. 2010 QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.

© QinetiQ North America, Inc QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.

Preventing Good People From Doing Bad Things Best Practices for Cloud Security Brian Anderson Chief Marketing Officer & Author of “Preventing Good People.
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
The State of Security Management By Jim Reavis January 2003.

The State of Security Management By Jim Reavis January 2003.
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
Larry Edie & Annie Ballew.  Who are you users?  What do you know about your users?  How can you cost-effectively manage this information?  How can.

Larry Edie & Annie Ballew.  Who are you users?  What do you know about your users?  How can you cost-effectively manage this information?  How can.
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Module 2 Segregation of Duties Case Study Individual Assignment

Module 2 Segregation of Duties Case Study Individual Assignment
Vulnerability and Configuration Management Best Practices for State and Local Governments Jonathan Trull, CISO, Qualys, Inc.

Vulnerability and Configuration Management Best Practices for State and Local Governments Jonathan Trull, CISO, Qualys, Inc.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.

Demonstrating IT Relevance to Business Aligning IT and Business Goals with On Demand Automation Solutions Robert LeBlanc General Manager Tivoli Software.
VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.

VULNERABILITY MANAGEMENT Moving Away from the Compliance Checkbox Towards Continuous Discovery.
Copyright © Panaya Oracle ® E-Business Suite Testing: How to Get Your Business Users On-Board Amir Farhi Director, Product Marketing.

Copyright © Panaya Oracle ® E-Business Suite Testing: How to Get Your Business Users On-Board Amir Farhi Director, Product Marketing.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.

Cloud Attributes Business Challenges Influence Your IT Solutions Business to IT Conversation Microsoft is Changing too Supporting System Center In House.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Similar presentations

Ads by Google