Joseph Ferracin Director IT Security Solutions Managing Security.


1 Managing Security
Joseph Ferracin, Director IT Security Solutions, GlobalSecurity @SITA

2 In Modern Networked IT Environments, Efficient Security Requires
- A Security organization
- A Security Framework – Guidelines and Policies
- Company’s Management support
- End-Users involvement
- A security plan
- A budget
- Skilled Security people

3 The organization
Create a Security Office that:
- Is independent of IT
- Reports to the top management
- Defines the security framework and the high level policies
- Drives security Audits & Assessments
- Defines the security plan & proposes security budget
- Helps in Security implementations
Create a security council that:
- Includes Security Officer, Top management representative(s), IT representative(s)
- Endorses Security policies
- Validates Security Plan & Security budget

4 The Framework
We recommend BS 7799
The BS 7799 Information Security Standard is published in two parts:
1. ISO/IEC 17799 Part 1 Code of practice for Information Security Management
2. BS 7799 Part 2 Specification for Information Security Management
Purchase on line: http://www.bsi-global.com/Information+Security/04_Standards_infosec/index.xhtml
- BS 7799 shall be regarded as guidance
- BS 7799 certification is complex

5 Get management support
Propose a risk assessment
- Company’s management is responsible for the security of Company assets
- Vulnerabilities in IT security organization and in IT equipment configurations must be known
- Associated risks must be evaluated
Suggest the necessity of a high level security policy
Suggest developing a security plan
Costs: $100 000 $600 000

6 Involve End Users
Education
- Users must know and understand the security policy
- They must be conscious of the value of their own data
- Avoid constraints – Try to suggest – Use flattery
Security has to be as transparent as possible
- Use appropriate technology

7 Security issues: You want to guarantee
- Availability of Information Systems
- Confidentiality & Privacy of Sensitive Information
- Access control on Networks, Systems & Applications
- Integrity of Transactions

8 Security is a continuous process
[Diagram labels]
- Assess risks, Audit implementations, Analyze vulnerabilities
- Security policies, Security migration plans
- Define secure architectures, Design security solutions
- Firewalls, Encryption, Public key infrastructures, Centralized management, Anti-virus, Intrusion detection, Strong authentication
- Firewalls, Strong authentication, IPSec VPNs, Digital certificates, Intrusion detection

9 Security on the Intranet
[Diagram labels]
- Mainframes, Servers, Workstations
- Anti-Virus: Virus Detection
- Strong Authentication: PKI, Smart Cards
- Single Sign On: Authentication Service, Kerberos V5
- Role Based Authorization: Active Directory, Authorization Service

10 Security on the Internet
[Diagram labels]
- Demilitarized Zone (DMZ), Corporate Intranet
- No Security Consumer, Trusted Consumer, Business Partner, Employee
- IPSec Encrypted VPN, SSL Encrypted Transaction, IPSec Encrypted VPN
- Integrity, Confidentiality, Availability
- Intrusion Detection, Firewall, VPN, Access Control, Authentication

11 Why Outsource Security?
I.T. resource shortage
- “Under-staffed, under-skilled, overwhelmed. That’s the sinking feeling conveyed to us repeatedly by CIOs...”
- “The situation isn’t likely to improve any time soon.”
- “For many CIOs, the staffing crisis is an overriding concern that adds risk to every project.”
- CIO Magazine
Specialized IT Security Resources are even harder to find
- Network Admin. $65,000
- Security Engineer $109,000

12 Why Companies Are Outsourcing?
Security Outsourcing Expenses (Source: IDC, 2000): $14.8 Billion Industry in 2003 – 45% CAGR
- Dearth of skilled security talent
  – Universe of CISSPs less than 1,500
- Sophisticated attacks beyond capability of most IT departments
  – DDoS attack, Love Virus, etc.
- Carrier grade security SLAs unachievable by most IT departments
  – Follow the sun 24x7x365 model
- Security not typically a core competency of companies
  – Scale, budgets, staff usually subjugated to business issues
- Security intelligence missing
  – IT depts lack the ability to monitor hacker underworld and global events to proactively redress vulnerabilities and attacks
- Total Cost of Ownership (“TCO”)
  – Organizations cannot match economies of scale of a managed security service provider

13 A portfolio of Solutions
- Professional Services
- Managed Security Services
- Partners foremost in Security

14 Security Professional Services … for the Winning Approach
Solutions tailored to your needs …
- Risk Analysis
- Solutions Implementation
- Security Policies definition
- Security Management
- Security Audit
A Team of Security Experts

15 Managed Security Services …
IP Secure Gateway
- IPSec VPNs
Managed Firewall Services
- Partnership with Internet Security Systems (ISS), a Leader in Security
- High quality of service
- Very competitive pricing for small, mid-size and big Extranet & Internet sites
Managed Intrusion Detection
- Partnership with ISS
- Real time protection of mid-size, big Internet and E-Commerce sites
Available on
- SITA Private Network
- SITA Internet Network
- Remote Access
Features
- Scalable Solutions
- World class technology
And …
- Digital Certificates
- Vulnerability Scanning
- Content Filtering
- …

16 Thank You! Q & A

