
Panelists

The Security Dashboard: Visualizing IT and Business Risk. Information Security Decisions, October 6, 2004. Panelists: Pete Lindstrom, Spire Security; Shon Harris, Logical Security; Bill Boni, Motorola. Moderator: Andy Briney, InfoSecurity. What’s a Security Dashboard? Dashboard Wish List.


Presentation Transcript


  1. The Security Dashboard: Visualizing IT and Business Risk. Information Security Decisions, October 6, 2004

  2. Panelists
     • Pete Lindstrom, Spire Security
     • Shon Harris, Logical Security
     • Bill Boni, Motorola
     • Moderator: Andy Briney, InfoSecurity

  3. What’s a Security Dashboard?

  4. Dashboard Wish List
     • Simplifies the management of operational and IT security activities.
     • Correlates data from multiple sources and turns it into actionable information.
     • Maximizes technology investments by integrating with existing products.
     • Measures compliance with accepted practices, internal standards and government regulations (ISO 17799, GLBA, HIPAA, Basel II).
     • Tracks vulnerabilities and remediation status.
     • Prioritizes remediation activities by business impact.
     • Maintains historical information for trend analysis.
     • Maintains prioritized remediation action plans.
     • Facilitates communication between the Business, Information Security, Operations, Audit/Compliance and Risk Management.
     • Produces a meaningful management console/dashboard.
     Source: Steve Katz

  5. In a Nutshell…
     • Asset discovery and management
     • Vulnerability remediation
     • Threat correlation and assessment
     • Compliance/policy management
     • Reporting/audit
     • Prioritizes risks, remediation workflow
     • Treats operational risk as a lifecycle

  6. How realistic is Andy’s wish list?
     • It’s real: I’m running a management system that does most of this
     • Likely to happen, but not for a few years
     • Unlikely to happen in the near future
     • What you’re asking for is impossible.
     • I dunno enough about this to have an opinion.

  7. Now, for a dose of reality: DASHBOARD OBSTACLES
     • Poorly conceived and executed risk analysis models and processes
     • Constantly changing risk environment
     • Evolving (immature?) technologies
     • Immature communications protocols and standards: No lingua franca
     • Poor understanding of relationship of technical risk to business risk
