2. ICT Security 2009 - Risks
• 79% - don’t believe Security Software of
Digital Signature provides Sufficient
Protection
• 50% - Organization not protected against
Malware based on attack trends
• 62% - not enough time resources to
address vulnerabilities
• 66% - out of work during recession will
lead to more people joining cyber-criminal
underground
3. ICT Security 2009 – Arms Race
• 41% - increase in sophistication of
attacks
• 45% - increase in phishing attacks on
employees
• 49% - (financial services) increase in
technical sophistication of attacks
• 63% - infected web site biggest cause of
compromise of online security
4. Quote
“Every morning in Africa a gazelle wakes
up. It knows it must outrun the fastest
lion or it will be killed. Every morning in
Africa a lion wakes up. It knows it must
run faster than the slowest gazelle or it
will starve. It doesn’t matter if you’re a
gazelle or a lion: when the sun comes
up, you had better be running.”
- H.H. Sheikh Mohammed Bin Rashid Al Maktoum.
5. Securing Information Today
Threats
Cyber terrorism Viruses
Industrial Threats
Espionage Environmental
Natural Unintended results
Disasters (The “OOPS” factor)
6. Securing Information Today
Business Risks
Financial Intellectual
loss capital
Public Business Litigation
Image/Trust Risks
Employee &
Legislative
customer
violations
privacy
7. Threats to Infrastructure
DATA CORRUPTION COMPONENT FAILURE APPLICATION FAILURE
HUMAN ERROR MAINTENANCE SITE OUTAGE
15. Views of Security and
Risk Management
Business View
Service and
Continuity
Customer Focus
Managing Risks
Operation Risk Controls
Auditing
Governance & Compliance
IT Infrastructure
Disaster Recovery
High Availability
16. Risk Management
Elimination
Reduction/Controls
Transfer/Outsource
Insurance
Not all risk can be Residual
eliminated via
controls
17. Why should you care?
Better Incidence Response & Availability
Best Practices
Quick troubleshooting
Knowledge base
Higher Availability
Efficient Security Operations
Support
Availability of qualified resources
Infrastructure protection
Infosec, BCM, ITIL Best Practices
24x7x365 Monitoring
Vendor Management
Managed People, Process, Technology
20. Holistic Implementation
SLA
24x7x365
Process Industry Best Practices
ITIL based processes
Data Center Best Practices
Technology Latest Monitoring tools
State of the Art knowledge base
Secure technology
Certified and Trained Staff
People Technical Experts
Cross Training
Onsite and Offsite
21. Infosec:
Global Delivery Services - GDS
• On-site & Off-site resource Mix
• Fully managed and supported environment
• Enterprise Management Solution (EMS)
• Predictable cost model
• Performance & Trend analysis
• Alert, Monitoring, Notification & Escalation
• Training and Knowledge Transfer
• 24x7x365 with SLA
22. Managed Services
Provide Agility
• Knowledge Base
•Incidence diagnosis
•Root Cause analysis
•Quicker Response
•Response Planning
•Certified Resources
•Single Vendor Management
26. Cost Effective
Management Mix
Network Platforms Database Applications
Storage
Level-1
Monitoring, Incident and Problem Management Resolution Processes
80-100% Offsite
Change, Configuration and Release Management
Level-2
Capacity and Availability Management
Operational Processes
Service Continuity, Security 20-80% Offsite
Service Level Management
Level-3
Capacity planning and Financial Management Strategic Processes
100% Onsite
Business Relationship and Supplier Management
27. Best Practices Structure
Organization Goals and
Objectives Policies
How to achieve Processes, Pro
organization goals and cess Diagrams &
objectives Models
How to perform the Procedures and
activities that are needed Guidelines
Artifacts used to perform
activities Templates, Forms, Checklists
References to use for Self Help, Knowledge
efficient performance Articles, Project Artifacts
28. Managed Services Framework
Aggregated Reporting / Portal / I2MP, Service Desk
ITIL Compliant Best Practices
Monitoring, Automation Tools
Redundancy / High Availability / Disaster Recovery
Desktop Network Servers Databases Storage Applications
Center of
Onsite Offsite Vendor A Vendor B Call Center
Excellence