Setting up a Security Operations Center (SOC): A step by step approach
1 Setting up a Security Operations Center (SOC): A step by step approach. Abdul Rahman Mohamed, VP, IT Strategy, Risk & Delivery, Group IT, Malaysia Airlines. 07 November 2012
2 My apology. I am standing between you and home sweet home. I'll be on time.
3 About the speaker: 19 years of experience. Was CISSP and CISM. Oil and Gas, Banking and Consultancy. IT Strategy & Transformation, Governance, Risk & Security, IT Service Delivery, Project Management.
4 We are here to share our experience in setting up an internal SoC, as well as its journey and evolution; its value to our business; the lessons learned. DISCLAIMER: It works for us.
5 Allow me to introduce the Air Travel Industry.
6 The Airline industry is glamorous, and a quick way to lose money. "How do you become a millionaire? First, become a Billionaire, then you run an Airline." (Sir Richard Branson)
7 Group IT is the enabler and IT partner of THE PREFERRED PREMIUM CARRIER. People First. Data Centers (incl MHNet, SITA, Enrich); mil Pax /annum (2010/11); Over 90 Stations (MW, FY, MH); 20K Staff; 56 applications; 16K IT Devices; 45 FTEs; Over 12 Key IT Partners (out of 84). Figures per December 2011. [Figure: world map of stations]
8 Let's get to the actual presentation
9 The steps that we took in establishing the SoC: Find the right resources; Find the business value of your SoC; Get the Sponsors and know your stakeholders; Begin with the end in mind; Start small; Leverage; Can pause but keep evolving; Marketecture.
10 1 In any endeavor, we have to have the right resource for the job that meets the following criteria: Committed to Integrity; Committed to Performance; and Committed to Change. (Jeff Immelt, CEO, GE)
11 "There is no such thing as an IT project, there is only business project." (Paul Coby, Ex CIO, British Airways)
12 "Else you syok sendiri (are only pleasing yourself)." (Abdul Rahman Mohamed, Future CIO)
13 2 We established the SoC for the airline business. Alignment with corporate strategies and Business Transformation Plan (BTP2): No compromise on safety and security; Serve Customer, Make Money, Save Money. Compliance with regulatory requirements (local and international), e.g. Anti Trust/Competition Law, Data Privacy, PCI, National Cyber Security Policy (NCSP). Increase in IT Outsourcing activity and the need for near real-time transparency.
14 3 The project was actually owned by Corporate Security but funded by IT. [Organization chart labels: Board Safety and Security Committee Management Committee IT Service Delivery Operations Group IT IT Strategy & Governance Info/IT Security Information Risk & Security CSSHE* Corporate Security Risk Mgmt Business Assurance Corp. Services Risk Advisory Services SITO*** SACC** Security Assurance Audit & Business Advisory IT Security Operations Corp. Security Corp. Risk & Governance] * CSSHE: Corporate Safety, Security, Health & Environment. ** SACC: Security Assurance Control Center. *** SITO: Strategic IT Outsourcing.
15 There are external stakeholders as well. [Organization chart repeated from slide 14]
16 4 Once we established the business justification, we would envision the end in mind.
17 This is half of your journey.
18 We started our journey with a 5 year vision.
[Roadmap figure] PHASE 1, PHASE 2, PHASE 3, PHASE 4: Assurance and visibility to Business; Integration to Business; Optimized for Stakeholder's Confidence in IT Controls; Integration to Corporate GRC.
Policy / Process / Tech: Corp Info Security Policy; Information Security Dashboard; IT Compliance Mgmt; Sec Incident & Event Mgmt; Threat Vulnerability Mgmt; Assurance testing; Policy Alignment; Link with Corp Security dashboard; Content Security Services; Svc Provider assessment; IT Risk Management; IT Assets Mgmt; Comprehensive view; Link dashboard to external/service provider; Info Leakage Prevention; Digital Rights Mgmt; Identity & Access Mgmt; Info Retention & e-Discovery; Integrate with corporate GRC framework.
People: Awareness: Classroom, Handbook, Video, E-Awareness, Portal, Certification.
Results / Benefits: Assurance of control effectiveness; Information Security visible at Corp. Security; Integration with Integration of security corporate security processes and technology business objectives; Obtain stakeholder's confidence; Transparency; Visibility.
19 In reality, not everything goes as planned. But stick to it. [Roadmap figure repeated from slide 18]
20 5 We started small and called our SoC the Security Assurance Control Center (SACC), using on-site subscription.
[Diagram: Security Assurance Control Center]
Assurance Monitoring: Reporting & Dashboard; Policy Compliance; Threat & Vulnerability Management; Security Event Management; Incident Response.
Assurance Testing (Schedule of Test): Internal & External Penetration test; Station IT Security Posture; Network Services Attestation; Web Application code assurance; Social Engineering Drill.
Unplanned Assurance (Schedule of Price Agreement): Additional Device For Monitoring; Additional Testing Services; Forensic services; Other security services; By man day rate.
21 We did not own the tools, license, resources and servers. We own the information and results only. [Security Assurance Control Center diagram repeated from slide 20]
22 Assurance monitoring ensures compliance and that all critical devices at HQ and stations are sufficiently protected. [Diagram labels: Assurance Monitoring: Reporting & Dashboard; Policy Compliance; Threat & Vulnerability Management; Security Event Management; Incident Response. IT Helpdesk; Threat Mgmt Center]
23 Assurance testing is to provide the security view from the perpetrators' side, for security improvements. [Diagram labels: Assurance Testing, Schedule of Test: Internal & External Penetration test; Station IT Security Posture; Network Services Attestation; Web Application code assurance; Social Engineering Drill. Tester]
24 6 We also leverage on others' capabilities, locally: MoU between Malaysia Airlines and CyberSecurity Malaysia.
25 We also leverage on others' capabilities, internationally: MoU between Malaysia Airlines and Tata Consultancy Services.
26 7 As mentioned earlier, we did pause for certain capabilities, but we continue to evolve into the IT Control Tower.
[Diagram: Security Assurance Control Center evolving into IT Control Tower]
Assurance Monitoring: Reporting & Dashboard; Policy Compliance; Threat & Vulnerability Management; Security Event Management; Incident Response.
Assurance Testing (Schedule of Test): Internal & External Penetration test; Station IT Security Posture; Network Services Attestation; Web Application code assurance; Social Engineering Drill.
Unplanned Assurance (Schedule of Price Agreement): Additional Device For Monitoring; Additional Testing Services; Forensic services; Other security services; By man day rate.
IT Control Tower: RealITy Dashboard; Reports. Security Team; Support Teams; All Vendors; IT IS Team; ESM Team; TM Team; MH Mail Team.
27 IT Control Tower uses more comprehensive tools which focus on end to end IT services, including Security and Compliance.
28 8 "Talk the walk" is equally important as "walk the talk". We need to marketecture. We communicate our findings to: Board Safety and Security Committee (Quarterly); Accountable Managers Meeting (Quarterly); IT Management (Monthly). Participate in Cyberdrills with MKN and CyberSecurity Malaysia. Repelled targeted attacks on Malaysia Airlines on 1 July 2012 (16 hours). Visits from fellow GLCs and Government agencies.
29 [Dashboard panels, status per the July 2012 report] IT Security Index: Overall - Low. Global Threat and Vulnerability: Overall - Low. Virus Protection Index: Overall VPI %. SPAM Filtering Index: Overall SFI 81.6 %. IT Security Policy Compliance: Overall IT SPC %. IT Security Incidents: Overall - Medium.
30 We were awarded for the Information Security project of the year 2009
31 We were awarded for the IT Visionary Award for Asia South 2008
32 In 2010, as a result of the earlier initiatives, we won more awards. It is nice to be appreciated. CIO of the year; CIO of the year; Deputy Minister Award; Information Security projects of the year; PCI-DSS.
33 As a Recap: Find the right resources; Find the business value of your SoC; Get the Sponsors and know your stakeholders; Begin with the end in mind; Start small but shout big; Leverage; Can pause but keep evolving; Marketecture.
34 Thank you
More informationA Pragmatic Path to Compliance. Jaffa Law
A Pragmatic Path to Compliance Jaffa Law jaffalaw@hk1.ibm.com Introduction & Agenda What are the typical regulatory & corporate governance requirements? What do they imply in terms of adjusting the organization's
More informationPCI Compliance Simplified A Case of Airport Parking System PCI Readiness
PCI Compliance Simplified A Case of Airport Parking System PCI Readiness Customer Info: Industry: Travel, Transportation & Logistics Customer: A Group of Major Airports Region: Americas Country: United
More information2016 KPMG AS, a Norwegian limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG
1 1 Cyber Security A game changer? Cyber Risk in Internet of everything age April 7th, 2016 3 3 What is disruptive technology? 4 What if our «things» turn against us? Sources: sfglobe.com, wired.com, forbes.com
More informationCloud Computing - Reaping the Benefits and Avoiding the Pitfalls. Stuart James & Delizia Diaz. Intellectual Property & Technology Webinar
Intellectual Property & Technology Webinar Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls Stuart James & Delizia Diaz 37 Offices in 18 Countries Birmingham Wednesday, 11 July 2012 Speakers
More informationISE Canada Executive Forum and Awards
ISE Canada Executive Forum and Awards September 19, 2013 "Establishing a Cost Effective PCI DSS Compliance Program by Having a Can Do Attitude Della Shea Chief Privacy & Information Risk Officer Symcor
More informationLes joies et les peines de la transformation numérique
Les joies et les peines de la transformation numérique Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA Professor, Solvay Brussels School of Economics and Management Academic Director, IT Management Education
More informationChallenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9
HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients
More informationbuilding for my Future 2013 Certification
I am building for my Future 2013 Certification Let ISACA help you open new doors of opportunity With more complex IT challenges arising, enterprises demand qualified professionals with proven knowledge
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationEnhance Your Cyber Risk Awareness and Readiness. Singtel Business
Singtel Business Product Factsheet Brochure Managed Cyber Security Defense Readiness Services Assessment Enhance Your Cyber Risk Awareness and Readiness Much focus is on knowing one s enemy in today s
More informationPanelists. Moderator: Dr. John H. Saunders, MITRE Corporation
SCADA/IOT Panel This panel will focus on innovative & emerging solutions and remaining challenges in the cybersecurity of industrial control systems ICS/SCADA. Representatives from government and infrastructure
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationCybersecurity Protecting your crown jewels
Cybersecurity Protecting your crown jewels Our cyber security services We view cybersecurity through a series of interconnected lenses. This rounded approach is designed to provide you with confidence:
More informationCyber and Information Security Focused Audit Strategy WNY ISACA May 9, 2017 Shamus McMahon CISA, CISSP
Cyber and Information Security Focused Audit Strategy WNY ISACA May 9, 2017 Shamus McMahon CISA, CISSP All materials presented here and discussed within represent the view of the speaker and are not necessarily
More informationData Sheet The PCI DSS
Data Sheet The PCI DSS Protect profits by managing payment card risk IT Governance is uniquely qualified to provide Payment Card Industry (PCI) services. Our leadership in cyber security and technical
More informationHCL GRC IT AUDIT & ASSURANCE SERVICES
HCL GRC IT AUDIT & ASSURANCE SERVICES Overview The immense progress made in information and communications technology offers enterprises outstanding benefits. However this also results in making the risk
More informationENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE
ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE INTRODUCTION In line with commercial industry standards, the data center used by EndNote employs a dedicated security team to protect our
More informationCyber Risk A Corporate Directors' Briefing Webcast Q&A Summary
Cyber Risk A Corporate Directors' Briefing Webcast Q&A Summary Cyber experts from Marsh & McLennan Companies and WomenCorporateDirectors hosted an engaging webcast on August 16 th entitled Cyber Risk A
More informationRe: McAfee s comments in response to NIST s Solicitation for Comments on Draft 2 of Cybersecurity Framework Version 1.1
January 19, 2018 VIA EMAIL: cyberframework@nist.gov Edwin Games National Institute of Standards and Technology 100 Bureau Drive, Mail Stop 8930 Gaithersburg, MD 20899 Re: McAfee s comments in response
More informationIT Security Mandatory Solutions. Andris Soroka 2nd of July, RIGA
IT Security Mandatory Solutions Andris Soroka 2nd of July, 2014 @LPS, RIGA Data Security Solutions business card Specialization IT Security IT Security services (consulting, audit, pen-testing, market
More informationLevel Access Information Security Policy
Level Access Information Security Policy INFOSEC@LEVELACCESS.COM Table of Contents Version Control... 3 Policy... 3 Commitment... 3 Scope... 4 Information Security Objectives... 4 + 1.800.889.9659 INFOSEC@LEVELACCESS.COM
More information