at t security consulting services n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
AT&T Security Consulting Services PowerPoint Presentation
Download Presentation
AT&T Security Consulting Services

Loading in 2 Seconds...

play fullscreen
1 / 12

AT&T Security Consulting Services - PowerPoint PPT Presentation


  • 270 Views
  • Uploaded on

AT&T Security Consulting Services. Security Consulting Services. Security Strategy & Roadmap. Secure Infrastructure Services. Vulnerability & Threat Management. Governance, Risk, Compliance. Application Security Services. Payment Card Industry Solutions.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'AT&T Security Consulting Services' - ganya


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security consulting services
Security Consulting Services

Security Strategy& Roadmap

Secure InfrastructureServices

Vulnerability & ThreatManagement

Governance, Risk,Compliance

Application Security Services

Payment Card

Industry Solutions

S e c u r i t y

who we are
Who We Are

AT&T Consulting Solutions At A Glance

Our Mission

  • To build trusted advisor customer relationships by delivering forward thinking, world-class infrastructure consulting services

Our Customers

  • Strategic clientele with large scale, complex & custom infrastructure needs
  • Public and private sector, domestic and multinational presence

Our Scope

  • Pure play consulting services – independent and objective solutions
  • Life cycle capabilities: Plan, Architect, Integrate, Optimize
  • Project-based engagement model aligned to specific business outcomes

Our Team

  • Part of AT&T Business Services
  • Seasoned consultants averaging 12 years industry experience
  • Executive team averaging 20 years leading global professional services
  • 11 offices across the U.S. & UK
security business drivers
Security Business Drivers
  • Evolving threats, increasing complexity
  • Evolution of Malware / Botnets
  • Cyber Protests / Events
  • Mobile Device Security
  • Re-emergence of Old Attacks
  • Security In The Cloud
  • Advanced Persistent Threats
  • Logical Attacks Against Physical Infrastructure
  • Social Media and Geolocation
  • Insider Attacks
  • Ipv4/Ipv6 Attacks
  • Compliance
at t security consulting practice towers
AT&T Security Consulting Practice Towers
  • Protecting business assets & enhancing enterprise Governance

Security Strategy & Roadmap

Advisory and development services providing programmatic frameworks for operational alignment, advanced technology deployments (mobility and cloud) and a life cycle approach to security and risk management.

Payment Card Industry Solutions

A range of comprehensive PCI compliance services that objectively help achieve and maintain PCI compliance including PCI assessments, readiness assessments, remediation assistance, and other related solutions.

Governance, Risk & Compliance

Security assessment services addressing regulatory requirements and/or industry standards, as well as security program development with an emphasis on usable frameworks for policy and security management aligned with the adoption of emerging technologies such as mobility, cloud.

Secure Infrastructure Services

A suite of life cycle offerings aligned with planning, architecting, integrating, and optimizing a secure network and infrastructure aligned with business and security goals.

Vulnerability & Threat Management

Services designed to provide an independent baseline and validation of the overall security posture from within or outside of the enterprise .

Application Security Services

Strategic and tactical security services focused on the applications supporting critical business processessuch as mobile , web based. Includes technical assessments, secure development life cycle reviews and program management consulting.

security strategy roadmap
Security Strategy & Roadmap
  • An advisory service to assist with the development of comprehensive information security strategies that are effective, manageable and offering maximum return on your security investments while addressing any emerging threats/risks specific to your business operations.

Strategy Development

Security Roadmap

  • Develop a comprehensive information security framework that can address the organization’s requirements for information protection, incident prevention, detection and response based on the organization’s risk and alignment with industry best practice frameworks
  • Develop customized roadmap with detailed project plans, identifying ownership, timelines and resource allocation for the effective implementation of the security strategies
governance risk compliance
Governance, Risk & Compliance

End-to-end consulting and advisory services for Information Security, Governance, Risk Management, Compliance and Implementation of standards, regulatory, contractual and internal security requirements.

  • Mobility and Cloud Security Risk Assessments
      • Risk Analysis
      • Remediation Roadmap
      • Implementation
  • FTC Mandated Assessments
    • Security Assessments
    • Initial & biennial
    • Planning & Remediation
  • Business Continuity Planning
    • Business Impact Analysis
    • Strategy & Plan
    • Training & Testing
  • ISO 27001/2 Assessments& Certification
    • Readiness Assessment
    • Planning & Implementation
    • Certification
  • Regulatory and Industry Standards-based Assessments
    • HIPAA, HITECH, HITRUST
    • GLBA
    • State Privacy Law
  • AT&T SureSeal Security Certified
    • Trust & Assurance
    • Security Assessment
    • Remediation Roadmap
at t payment card industry service offerings
AT&T Payment Card Industry Service Offerings

Annual Security Assessment

Performed by QSAs on-site for Level 1 and Level 2 entities (i.e. merchants)

Trusted Advisor

Bucket of hours for our clients to use for assistance in closing gaps between the PCI DSS requirements and their current state, and any other PCI related tasks

ReadinessAssessment

Pre-assessment service that helps clients identify gaps prior to the actual assessment

Vulnerability & ThreatManagement

Design and implement programmatic controls and processes to maintain compliance throughout the year

Payment Application Assessments

For clients who develop and resell payment applications to more than one entity, we can perform assessments per requirements of PCI’s Payment Application Data Security Standard

Approved Scanning Vendor (ASV)

Qualified Forensic Investigator

secure infrastructure services
Secure Infrastructure Services

Networks have become complex and fragmented due to rapid growth and acquisitions. An enterprise-based network security approach can provide tangible reduction in TCO, and enable a business to be more agile and competitive.

  • Secure Network Architecture
  • Planning, design and segmentation
  • Configuration reviews
  • Data center management
  • Mobile Security / Cloud Computing
  • Firewall Assessment Services
  • Implementation and administration
  • Migration and consolidation
  • Tuning (performance and compliance)
  • Security Event Management (SEM/SIM/SIEM)
  • Log consolidation, alerting and reporting
  • Intrusion Detection / Prevention / NAC placement and tuning
  • Data Discovery & Data Loss Prevention
  • Know where the data resides and traverses
  • Preventing data escaping the organization
vulnerability and threat management
Vulnerability and Threat Management

Provides an independent baseline and validation of the organization’s security posture. AT&T Consulting can simulate real-world attacks to identify vulnerabilities in the network, evaluate risks, and develop remediation plans that are tailored to unique business requirements and security needs

  • Vulnerability Management
  • VoIP Penetration Testing
  • Wi-Fi Penetration Testing
  • War Dial
  • Social Engineering
  • Mobile Security Assessments
  • Denial of Service based testing
  • Virtualization Security
  • Remote Access Assessment
  • Breach/Incident Response Testing

Vulnerability Assessments

Penetration Testing (aka Ethical Hacking)

  • Scanning of the target infrastructure, establishing a baseline and making compliance easier by validating external posture
  • Providing an overall security picture at a lower cost with repeatable exercises
  • Periodically verifying assets are properly protected; evaluating recurring differentials and managing vulnerabilities
  • Takes Vulnerability Assessment to the next level
  • Manual testing and exploits, in addition to false positive reduction of automated results
  • Taken from the perspective of a malicious external entity, or rogue internal resource
  • Verifying that defense in depth and response capabilities are working as designed, along with security controls validation
  • Required by many industry regulations and standards
application security
Application Security
  • The Application Security solution portfolio consists of tactical and strategic services to help organizations assess, manage, and reduce security risks arising from unsafe software development practices.
  • Application Security Assessments
  • Automated and manual testing designed to circumvent the logic of the application in order to gain elevated access to systems or information
    • Web Based
    • Mobile Applications
  • Application Security Program Management
  • Application inventory, identification and assignment of risk classification, development of testing plans, management and execution of program
  • Security Code Review
  • Industry common practice and PCI requirement
  • PCI DSS v1.2, section 6.3.7: Review of custom code prior to release to production or customers in order identify any potential coding vulnerability
  • OWASP Orizon Code Review, and Top 10
  • PCI PA-QSA Application Security Assessment
  • Visa & MasterCard encourage application development companies to certify their payment applications in accordance with the PCI Payment Application Best Practices program
  • Applications that meet these standards can be listed on the Visa web site as PCI-approved payment applications
trusted advisors

Compliance & Risk Reduction

In deployments, upgrades, operations, and security

Revenue Growth

Rapidly introduce new services into production

Trusted Advisors

Helping our customers navigate complex IT Transformation

Technology Strategy

Technology roadmap, refresh, migrations

Cost Performance

Reduce CapEx/OpEx

Consolidation

Shared Services

CIOAgenda

Governance and Sourcing

Process Frameworks & Sourcing Strategies