Building a Resilient Security Posture for Effective Breach Prevention

Transcription

1 SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications

2 Agenda for discussion 1. Security Posture 2. The effectiveness gap 3. CISO perspective 4. Maturing the security posture 5. A case study 6. In Summary

3 Congratulations SINGAPORE!! Survey by the UN International Telecommunication Union (ITU) rated Singapore as Top in the world based on its - Legal, technical and organisational institutions, - educational and research capabilities and - cooperation in information-sharing networks. SECURITY POSTURE?

4 Security posture defined The security status of an enterprise s networks, information and systems is based on resources (people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.** WHY To eliminate a false sense of security, strategic alignment with business WHAT Approach a business takes to security, from planning and implementation to operations HOW Technical and non-technical policies, procedures and controls to prevent and protect against threats ** NIST Glossary of Key Information Security Terms

5 Security posture Strategy for C-suite alignment USABILITY RISK COST REGULATIONS & COMPLIANCE

6 False sense of security Use of a weak algorithm Auditing level lacks the necessary details Deployment without customization No consistent process Assume that the data is secure Exclusion of employee s workstations from scope

7 The Security Effectiveness gap Ransomware Supply Chain Ecosystems State Sponsored Phishing Key Loggers Cyberespionage Denial-of- Service Gap to be bridged CAPABILITIES Skill issues Operational gaps Technology efficiency

8 Approach for Security posture A CISO perspective Vision and Plan Execution Operations Management support Digital Enablement Skill Alignment Cloud Adoption

9 Approach for Security posture A CISO perspective Vision and Plan Execution Operations Strategy Roadmap & Investments Compliance Regulations, Standards, Best Practices Service Management SLAs, OLAs Architecture Maturity & Integrations Identity & Access Trust, Authentication, Privileges Reporting Measurement, Trends, Self service Governance, Risk Visibility & Engagement Data & Apps Classification, Loss Prevention Assessment Cyber Detection, Prediction, Response

10 Maturing the security posture Vision and Plan AS-IS State Proactive Know your security posture Risk in the business context Security plan across the connected eco-system

11 Maturing the security posture Execution AS-IS State Proactive

12 Maturing the security posture Operations AS-IS State Proactive

13 Customer case study: One of the most recognised and valued Consumer Products brand in APAC Vision and Plan Execution Operations Strategy Roadmap & Investments planning 2015 Compliance Best Practices end to end Vulnerability management 2015 Service Management MSSP based SOC On Going Architecture Layered model 2015 Identity & Access Trust, Authentication, Privileges Reporting MSS Portal On Going Governance, Risk Visibility & BoD engagement 2015 Data & Apps Web application security and attack prevention Q Cyber SOC and Threat management Q Approach to enhancing the security posture for this enterprise

14 Applying the Strategy Get Going Initial months 6 months & beyond Build self awareness Build a cyber risk oriented process for investment strategy Engage specialists including cloud and managed service provider Identify the right governance team with C suite support Consider all assets Facilitate information sharing and collaboration

15 Thank You QUESTIONS & FEEDBACK