GlobalSecurity @SITA

Managing Security. GlobalSecurity @SITA. Joseph Ferracin Director IT Security Solutions. A Security organization A Security Framework – Guidelines and Policies Company’s Management support End-Users involvement A security plan A budget Skilled Security people.

murphyd

Presentation Transcript


  1. Managing Security. GlobalSecurity@SITA. Joseph Ferracin, Director IT Security Solutions

  2. In Modern Networked IT Environments, Efficient security requires:
     • A Security organization
     • A Security Framework – Guidelines and Policies
     • Company’s Management support
     • End-Users involvement
     • A security plan
     • A budget
     • Skilled Security people

  3. The organization
     Create a Security Office that:
     • Is independent of IT
     • Reports to the top management
     • Defines the security framework and the high level policies
     • Drives security Audits & Assessments
     • Defines the security plan & proposes the security budget
     • Helps in Security implementations
     Create a security council that:
     • Includes the Security Officer, Top management representative(s), IT representative(s)
     • Endorses Security policies
     • Validates the Security Plan & Security budget

  4. The Framework
     We recommend BS7799. The BS 7799 Information Security Standard is published in two parts:
     • ISO/IEC 17799 Part 1: Code of practice for Information Security Management
     • BS 7799 Part 2: Specification for Information Security Management
     Purchase on line: http://www.bsi-global.com/Information+Security/04_Standards_infosec/index.xhtml
     • BS 7799 shall be regarded as a guidance
     • BS 7799 certification is complex

  5. Get management support
     • Propose a risk assessment
     • Company’s management is responsible for the security of Company assets
     • Vulnerabilities in IT security organization and in IT equipment configurations must be known
     • Associated risks must be evaluated
     • Suggest the necessity of a high level security policy
     • Suggest developing a security plan
     • Costs: $100 000 <-> $600 000

  6. Involve End Users
     • Education
     • Users must know and understand the security policy
     • They must be conscious of the value of their own data
     • Avoid constraints – Try to suggest – Use flattery
     • Security has to be as transparent as possible
     • Use appropriate technology

  7. Security issues: You want to guarantee
     • Availability of Information Systems
     • Confidentiality & Privacy of Sensitive Information
     • Access control on Networks, Systems & Applications
     • Integrity of Transactions

  8. Security is a continuous process. Diagram labels: Firewalls, Encryption, Public key infrastructures, Centralized management, Anti-virus, Intrusion detection, Strong authentication; Security policies, Security migration plans, Define secure architectures, Design security solutions; Firewalls, Strong authentication, IPSec VPNs, Digital certificates, Intrusion detection; Assess risks, Audit implementations, Analyze vulnerabilities

  9. Security on the Intranet. Diagram labels: Virus Detection, PKI, Smart Cards, Active Directory, Kerberos V5, Strong Authentication, Authorization Service, Authentication Service, Single Sign On, Anti-Virus, Role Based Authorization, Workstations, Mainframes, Servers

  10. Security on the Internet. Diagram labels: Intrusion Detection, Demilitarized Zone (DMZ), Access Control, No Security, SSL Encrypted Transaction Integrity, Confidentiality, Corporate Intranet, IPSec Encrypted VPN, Authentication, IPSec Encrypted VPN, Firewall VPN, Availability, Consumer, Trusted Consumer, Business Partner, Employee

  11. Why Outsource Security? I.T. resource shortage
     • “Under-staffed, under-skilled, overwhelmed. That’s the sinking feeling conveyed to us repeatedly by CIOs...”
     • “The Situation isn’t likely to improve any time soon.”
     • “For Many CIOs, The staffing crisis is an overriding concern that adds risk to every project.” - CIO Magazine
     • Specialized IT Security Resources are even harder to find
     • Security Engineer $109,000; Network Admin. $65,000

  12. Why Companies are outsourcing?
     • Dearth of skilled security talent
       • Universe of CISSPs less than 1,500
     • Sophisticated attacks beyond capability of most IT departments
       • DDoS attack, Love Virus, etc.
     • Carrier grade security SLAs unachievable by most IT departments
       • Follow the sun 24x7x365 model
     • Security not typically a core competency of companies
       • Scale, budgets, staff usually subjugated to business issues
     • Security intelligence missing
       • IT depts lack the ability to monitor hacker underworld and global events to proactively redress vulnerabilities and attacks
     • Total Cost of Ownership (“TCO”)
       • Organizations cannot match economies of scale of a managed security service provider
     Security Outsourcing Expenses: $14.8 Billion Industry in 2003 – 45% CAGR. Source: IDC, 2000

  13. A portfolio of Solutions
     • Professional Services
     • Managed Security Services
     • Partners foremost in Security

  14. Security Professional Services
     Solutions tailored to your needs … A Team of Security Experts … for the Winning Approach
     • Solutions Implementation
     • Security Policies definition
     • Security Management
     • Risk Analysis
     • Security Audit

  15. Managed Security Services
     • IP Secure Gateway IPSec VPNs
       • Available on: SITA Private Network, SITA Internet Network, Remote Access
       • Features: Scalable Solutions, World class technology
     • Managed Firewall Services
       • Partnership with Internet Security Systems (ISS), a Leader in Security
       • High quality of service
       • Very competitive pricing for small, mid-size and big Extranet & Internet sites
     • Managed Intrusion Detection
       • Partnership with ISS
       • Real time protection of mid-size, big Internet and E-Commerce sites
     • And… Digital Certificates, Vulnerability Scanning, Content Filtering …

  16. Thank You ! Q & A
