
Microsoft Belgium Security Summit

Microsoft Belgium Security Summit. Georges Ataya Solvay Business School, ISACA Belux Detlef Eckert Microsoft EMEA. Agenda. Introduction How could you discuss security with the business people in your organisation? What security solutions can help to grow the business?


Presentation Transcript


  1. Microsoft Belgium Security Summit Georges Ataya Solvay Business School, ISACA Belux Detlef Eckert Microsoft EMEA

  2. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  3. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  4. The Security of Exclusion The Security of Inclusion “Enablement” “Protection” Introduction Source: PricewaterhouseCoopers LLP

  5. Finding the Right Balance Challenge to meet conflicting requirements Cost Functionality Availability Control Security

  6. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  7. Management responsibility Security Objectives: Source : “IT Security Governance”, the IT Governance Institute (ITGI.org)

  8. Security management activity • Policy Development • Roles and Responsibilities • Design • Implementation • Monitoring • Awareness, Training and Education Source : the International Guidelines for Managing Risk of Information and Communications Statement #1: Managing Security of Information, issued by the International Federation of Accountants

  9. Business enablers • New technology provides the potential for dramatically enhanced business performance, • Information security can add real value to the organization by contributing to: • interaction with trading partners, • closer customer relationships, • improved competitive advantage and • protected reputation. • It can also enable new and easier ways to process electronic transactions and generate trust.

  10. Security Enabled Business Impact to Business Probability of Attack Risk Level ROI Connected Productive • Reduce Security Risk • Assess the environment • Improve isolation & resiliency • Develop and implement controls • Increase Business Value • Connect with customers • Integrate with partners • Empower employees

  11. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  12. Business Challenges Requiring Security Solutions eCommerce • Electronic Contract Signing • Non-Repudiation • Digital Rights Management Mobile Workforce • Remote Access, VPN • Wireless LAN • Protect Laptop • Single-Sign-On Compliance with Regulation • Basel II • Data Protection Regulation • E-Commerce Regulation (eSignature, eProcurement, eInvoice, …) Collaboration & Communication • Confidentiality • Authentication • Availability • Secure Extranet

  13. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  14. What about security and Microsoft technology? • How much to trust any technology, any business process and operations? • Need for adequate risk management process • Risk mitigation projects to be championed by management • What is Microsoft’s track record in security and what are its perspectives • Analyze how those could impact own critical business?

  15. Quality & Engineering Excellence [Chart: “Critical” & “Important” Security Bulletins; axes: Number of Bulletins, Days after availability; values shown: 36 and 6]

  16. Common Criteria Certification Microsoft will certify all eligible products Stable Protection Profile available Demonstrated customer need • Windows Server 2000, Windows 2000 & Windows 2000 Certificate Server • Certified EAL4+ • ISA • Certified EAL2 • Windows Server 2003, Windows XP, ISA 2004 • In evaluation • SQL Server, Exchange • In planning

  17. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  18. Mission and Vision Operating Principles Risk Based Decision Model Tactical Prioritization Components of Risk Assessment Asset Threat Vulnerability Mitigation What are you trying to assess? What are you afraid of happening? How could the threat occur? What is currently reducing the risk? Impact Probability What is the impact to the business? How likely is the threat given the controls? + = Current Level of Risk What is the probability that the threat will overcome controls to successfully exploit the vulnerability and affect the asset?

  19. "Economic impact" of a security incident? • Business not a professional exercise • Related to asset identification and valuation • Impact should include various cost elements • Loss of opportunity • Reputation impact • Replacement costs • The value of integrity, availability and confidentiality of information

  20. Agenda • Introduction • How could you discuss security with the business people in your organisation? • What security solutions can help to grow the business? • What about security and Microsoft technology? • Risk Assessment: How to calculate the "economic impact" of a security incident? • Conclusions: Isn’t it all about complexity?

  21. A complexity issue • Continuous complexity of systems, processes and number of involved stakeholders • Stakeholders include business decision makers (BDM) • Alignment is required between TDB and BDM on: • Security requirements driven by enterprise requirements • Security solutions fit for enterprise processes • Investment in information security aligned with the enterprise strategy and agreed-upon risk profile

  22. Resources • General http://www.microsoft.com/security • Consumers http://www.microsoft.com/protect • Security Guidance Center http://www.microsoft.com/security/guidance • Tools http://www.microsoft.com/technet/Security/tools • How Microsoft IT Secures Microsoft http://www.microsoft.com/technet/itsolutions/msit • E-Learning Clinics https://www.microsoftelearning.com/security • Events and Webcasts http://www.microsoft.com/seminar/events/security.mspx

  23. Security Mobilization Initiative • Security = People, Processes & Technology • http://www.microsoft.com/belux/nl/securitymobilization/default.mspx • Training & Offerings • Security Partners • CTEC’s • Microsoft Events • Tools • Security Guidance Kit

  24. Next Events • TechNet Evening: Application & Data Security • 17, 18, 19 May • Active Directory Security • June 3rd John Craddock • MSDN Evening Chapter • June 3rd SharePoint Development • TechNet Evening: Advanced Client & Server Security • 22, 23, 24 June • http://www.microsoft.com/belux/nl/securitymobilization/events.mspx
