Sirius Security Overview

Transcription

1 Sirius Security Overview Rob Hoisington IT Security Consultant 8/18/2017 1

2 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com Rob Hoisington is a Security Architect and member of the IT Consultant team for Sirius Computer Solutions. Robert holds a Masters of Science degree in Information Technology from University of Maryland University College and he is an alumnus of the U.S. Military Academy at West Point where he received a Bachelors of Science in Computer Science. Rob has been with Sirius Computer Solutions for 5 years. During this time he has worked with clients in a wide variety of industries including banking, insurance, education, healthcare, manufacturing, distribution, and utilities - addressing a wide variety of security, regulatory, and disaster mitigation challenges. Prior to joining Sirius, Rob worked for the U.S. Army as a Signal Corps Officer where he was responsible for technical teams as well as security, networks, and systems both in the U.S. and deployed overseas. Rob is married, has 3 kids, and lives in Spring Hill, Tennessee. 8/18/2017 2

3 8/18/2017 3

4 Agenda Introductions Sirius Consulting Approach and Portfolio (high level) Sirius Security Capabilities Security Consulting Services Security Solutions Client Security Roadmap and Initiatives Next Steps 8/18/2017 4

5 Sirius Consulting Approach and Portfolio

6 Consulting Services Portfolio Enterprise Consulting Interim CIO and CISO Services Digital Workspace Internet of Things IT Strategic Roadmaps IT Service Management Technology Solution Evaluation Process Optimization Assessments Cost Reduction Assessments Business Impact and Technology Investment Justification Insourcing/Outsourcing Assessments M&A Due Diligence and Integration Telecommunications Imaging and Print Services Organizational Assessments Data Center Transformation Data Center Models Private Cloud Hybrid Data Center Functions Production Disaster Recovery Other Data Center Services Strategic Planning and Budgeting Current State Inventory End State Design Detailed Implementation Planning and Budgeting Implementation and Testing Implementation Post Mortems DevOps Transformation End-to-End DevOps Lifecycle SDLC & Application Lifecycle Management, Agile, Waterfall, Continuous Release and Deployment Operations Optimization Infrastructure Best Practices ITIL, CMMI, Scaled Agile Framework (SAFe), Lean, and Six Sigma Best Practices Data Strategy Quality Assurance Best Practices and Test Automation Cloud Computing Infrastructure as Code (IaC) Security, Regulatory, Governance and Controls Risk, Security, and Compliance Security Governance Review Enterprise Risk Assessment & Security Posture Services Data Criticality Assessment Vulnerability Assessments Technical Security Architecture Review HIPAA/HITECH & MU Assessment PCI Assessment Security Policy Services Employee Security Awareness SIEM/MSSP Assessment Executive Security Consulting Services Penetration Testing Social Engineering Forensics Code Risk Assessments Business Continuity & IT/DR BC & IT/DR Current State Assessment Business Impact Assessment (BIA & µbia) Emergency Preparedness Action Planning Architecture Standards for Continuity & Recovery Declaration Process Plan Tabletop Exercise Facilitation IT/DR Exercise Planning & Coordination BC Program Awareness Consulting Incident Response Planning Enterprise Communication Planning Family Support Reponses Program 8/18/2017 6

7 Sirius Security Capabilities

8 Sirius Security Principles and Approach Vendor neutral and consultative Primary focus is to understand/develop customer requirements including via assessment if necessary. Understand current client environment Understand security drivers (high risk data, privacy, compliance, incidents, etc.) Jointly develop an approach to meeting requirements May include People, Policy, Process, Governance, and Technology Solution/Remediation plan or may not include Sirius capabilities if best fit for client is something we don t offer As a systems integration company, the full Sirius engineering team stands behind the ITC to assist with security implementation services and remediation, including a large number of partner brand skills and services most competitors can t offer the breadth of internal resources and partnerships that Sirius brings to the table for implementation and remediation services. 8/18/2017 8

9 Sirius Security Architecture Review (SAR) 8/18/2017 9

10 Sirius Security Consulting Services Compliance PCI DSS, NIST, FISMA, HIPAA, ISO, etc. Assessments Penetration Testing, Network Vulnerability, Web App Vulnerability System Security Configuration Reviews Information Criticality Workshop Governance Third Party Vendor Management, Program Development, Security Awareness Incident Response Physical, Technical, Plan Development, Retainer Digital Forensics Imaging, Extraction, Analysis, Preparation for Counsel, Expert Testimony Executive Security Consulting Services Presales Consulting Security Architecture Review (SAR) Workshop Security Solution Development 8/18/

11 Security Solutions Vulnerability Management Patch/System Management Traditional Endpoint Security Next Generation Endpoint Security Next Generation Firewall Network Access Control Content Filtering/Proxy Security Security Incident Event Management IPS/IDS Application Protection Identity and Access Management Database Security Remote Access Multi-Factor Authentication Web Application Firewall Endpoint Incident Response Cloud Security Privileged Identity Management Managed Security Services GRC Platforms Data Loss Prevention Network Management and Audit Network Taps SSL Decryption Mobile Device Management Unstructured Data Security Encryption Data Center Segmentation 8/18/

12 Sirius Security Solutions and Services Partners and more 8/18/

13 Sirius Security Solutions NIST Cyber Defense Matrix View Identify Protect Detect Respond Recover Devices Applications Networks Data Users Degree of Dependency Technology Process People 8/18/

14 Client Security Roadmap and Initiatives

15 Next Steps

16 THANK YOU