Mapping and Auditing Your DevOps Systems
- Clinton Cameron
- 6 years ago
Transcription
1 Mapping and Auditing Your DevOps Systems David Cuthbertson, CEO Square Mile Systems Ltd
2 Personal Background Personal Experience Industry Groups and Frameworks Network Troubleshooting Cabling and Network Installations Managed Services Voice/Data Infrastructure Management Practices Skills Awareness Mapping Methods Naming Labelling Change Process Baselining Toolsets Visualization Group Manager Data Center Engineering Data Center Operations Management
3 About Square Mile Systems
- We develop technology to make infrastructure management easier: AssetGen infrastructure database; Visio utilities (free) for data centre / application / services documentation
- Provide methods and processes for site audits, documentation assessment, remediation (compliance) and managing complex infrastructure changes
- Help organizations implement best practices around change management and control in physical and logical infrastructures
- Supporting ITIL, ISO, ISA, TIA, BICSI, NIST, COBIT and others
- Typical drivers - data centre migration, identifying vulnerabilities, CMDB analysis, transformation projects and automated Visio diagramming.
4 Different Teams, Different Focus
Layers:
- Business Processes: Departmental, Company
- Services: End user, infrastructure, supplier
- Applications: PC, server, mainframe, SOA
- Virtual Infrastructure: PCs, Network, Servers, Storage, DBMS
- Hardware Infrastructure: PCs, Network, Servers, UPS, Storage, etc
- Fixed Infrastructure: Cabling, Power, Cabinets, Buildings
Teams: Customers, Users, System Architecture, Applications Development, Service Management, Networks LAN/SAN, Mid-range Servers, Desktops IMAC, Data Centre
5 Example - The NIST Cybersecurity Framework
Functions and categories (unique identifier, name):
- ID Identify: ID.AM Asset Management; ID.BE Business Environment; ID.GV Governance; ID.RA Risk Assessment; ID.RM Risk Management Strategy
- PR Protect: PR.AC Access Control; PR.AT Awareness and Training; PR.DS Data Security; PR.IP Information Protection Processes and Procedures; PR.MA Maintenance; PR.PT Protective Technology
- DE Detect: DE.AE Anomalies and Events; DE.CM Security Continuous Monitoring; DE.DP Detection Processes
- RS Respond: RS.RP Response Planning; RS.CO Communications; RS.AN Analysis; RS.MI Mitigation; RS.IM Improvements
- RC Recover: RC.RP Recovery Planning; RC.IM Improvements; RC.CO Communications
Asset Management sub-categories:
- ID.AM-1 Physical Inventory
- ID.AM-2 Software Inventory
- ID.AM-3 Communication and Data Flows
- ID.AM-4 External Information Systems
- ID.AM-5 Priority Resource and Classification
- ID.AM-6 Roles and Responsibilities
1. Baseline your infrastructure
2. Manage the risks
3. Maintain the knowledge
6 Asset Management Sub-Category
Sub-categories (unique identifier, sub-category):
- ID.AM-1 Physical Inventory
- ID.AM-2 Software Inventory
- ID.AM-3 Communication and Data Flows
- ID.AM-4 External Information Systems
- ID.AM-5 Priority Resource and Classification
- ID.AM-6 Roles and Responsibilities
Standards:
- ISA :2009 Security For Industrial Automation and Control, Establishing a security system
- ISA :2013 Security For Industrial Automation and Control, System Security Requirements and Security Levels
- ISO/IEC 27001:2013 Information Security Management System
- CCS Council on Cyber Security - Security Controls
- COBIT 5 Information Assurance
- NIST SP Rev. 4 Security and Privacy Controls for Federal Information Systems and Organizations
7 Standards Sections: ID.AM-1 Physical Inventory
Standard / Informative Reference / Detail:
- COBIT 5 / BAI09.01, BAI09.02 / All IT assets inventoried, managed and maintained
- CCS / CSC 1 / Only authorized hardware is permitted on the network
- ISO/IEC 27001:2013 / A / Assets associated with information and information processing facilities shall be identified and an inventory of these assets shall be drawn up and maintained
- ISO/IEC 27001:2013 / A / Assets maintained in the inventory shall be owned
- NIST SP Rev. 4 / CM-8 / Updated and accurate IS component inventory and configurations contained in centralized database with detection of unauthorized components.
8 Mapping Systems Reason 1 Help communicate entities, dependencies and differences
[Diagram: two stacks compared. Container stack: App 1 to App 4, each with its own bins / libs, on a Host OS and Server. Virtual machine stack: App 1 to App 4, each with its own bins / libs and Guest OS, on a Hypervisor, Host OS and Server.]
9 Mapping Systems Reason 2 If you don't understand your environment and applications you must expect pain: cost, delay, risk, delivery failure. Mapping systems is often part of mature management processes where better systems reduce delays and risks.
10 Change Is Constant
[Diagram: Application and Infrastructure Management, surrounded by Projects, Operations, Management, Security and Regulators, with the demands: Do it faster; Zoning / Partitioning; Consolidate / Optimize; Reduce costs; Use of Partners; Change Records; Capacity Reporting; No Downtime!; Data Loss Prevention]
Practice and processes have to evolve constantly!
11 Mapping Systems - Many Methods
1. Physical location, position and space
2. Physical connections and paths - LAN, WAN, SAN, power
3. Logical connections and paths - LAN, WAN, SAN, power, radio, data flows, firewall rules/endpoints
4. Dependency impacts - change and risk communication
5. Environment management - Prod, dev, test, pre-prod, DR
6. Application development, requirements and versioning
7. Customer data mapping - PCI, GDPR, breach management
8. Batch process mapping
12 Mapping Systems: Entities (with attributes), Relationships (with attributes), Container. Can be achieved using spreadsheets, databases, diagrams and specialist systems - ALM
13 Mapping Systems: Container (with attributes), Entities (with attributes), Relationships (with attributes). The mapping method will depend on the requirement
14 Even With A Few Servers Complex
15 ITIL Version 3 Configuration Mgmt System
[Diagram of four layers: Presentation Layer, Knowledge Processing Layer, Information Integration Layer, Data & Information Sources & Tools]
Presentation Layer: Portal with Change & Release View, Asset Mgmt View, Config Life-cycle View, Technical Config View, Quality Mgmt View, Service Desk View, Business Impact View, Compliance View (Cobit); Search, Browse, Store, Retrieve, Publish, Subscribe, Collaborate
Other labels: Query & Analysis, Reporting, Performance Mgmt, Modelling, Monitoring, Project Doc Filestore, Project Software, Customer/User Service Application Infrastructure mapping, Service Portfolio, Service Package, Integrated Asset & Config, Definitive Media Library, Federated CMDBs, Discovery, Asset Mgmt & Audit Tools, Software Config Mgmt, Service Change, Service Release, Common Process Scheme, Meta Data, Reconciliation, Synchronisation, Extract, Load, Mining, Data Integration, Platform Config Mgmt, Enterprise Apps
16 Some Methods Of Mapping Systems: Physical, Peer to Peer, Hierarchical
[Example diagrams showing applications and databases (ISA PAYMENT REQUEST HANDLING, WORKFLOW CLIENT, ISA PAYMENT TRANSACT, BACS-IP, WORKFLOW, PAYLOG, AUDITTRACK, BACPAY, ORACLE, SQL, CITRIX SERVER) and devices (SW-BHAM-*, FW-BHAM*, RTR-BHAM-*, FWS_*, UK_VWBIRM*, BT-NTU*, VT-NTU*, SVR-BHAM, UK_BIRM_BLADE_*)]
17 More Methods Of Mapping Systems Architecture Blocks Entity Relationships Excel / Visio
18 Mapping Servers / Application Customer Billing Funds Transfer ERP Logistics Internet Portal VM Ware Power Building Cabling
19 The Logical Dependency View The router has one link to the switch. Easy to Understand!
20 The Physical Connection View
[Diagram labels: Data Hall 1, Comms A, Data Hall 2, Equipment Racks, MDF, Inter Room ODF, Wing Loft; 7750 (SR12) chassis cards and PPF patch panel port-to-port links between cabinets]
21 Mapping An Enterprise Application Logistics CRM Finance of tables used 2.2M relationships within the SAP system UK_APPS01 UK_APPS03 TXOMGGC UK_IIS05 UK_IIS08
22 Shared Infrastructure and Applications Logistics CRM Finance Partner Controls Dispatch Control Web Ordering Funds Transfer Credit Scoring HR Systems UK_APPS01 UK_APPS03 TXOMGGC UK_IIS05 UK_IIS08
23 SAP Servers With 100 Servers plus
24 Service Focused View - 1 Service Top Down Service focused What supports this service? Host Hardware/Virtual (133)
25 Component Focused View Services (33) What is the potential Impact on services? Host Component focused Bottom Up
26 Steps To Successful Mapping?
1. Define the data requirements and outputs
2. Capture data
3. Analyse / visualise / report as required - one set of data produces multiple perspectives
4. Maintain
It doesn't work like this in practice!
27 Our Approach
1. Assume all data is inconsistent in naming and accuracy
2. Assume there are no mapping / visual standards
3. Build 2-3 prototypes - most complex applications/services
4. Then do bulk capture and improve dependencies - two spreadsheets
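The "one set of data, multiple perspectives" idea from slides 24 to 27, as an added example that is not part of the presentation or of AssetGen: two constructed tables (entities and relationships) are normalised for inconsistent naming, then queried top down and bottom up. The service and host names are taken from the slides; the links between them and all function names are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data: the two "spreadsheets" (entities, relationships).
# Names are borrowed from the slides; the links between them are invented,
# and the naming is deliberately inconsistent (case, hyphen vs underscore).
ENTITIES_CSV = """name,type
Logistics,service
CRM,service
Finance,service
SAP,application
UK_APPS01,host
UK_APPS03,host
UK_IIS05,host
"""

# Each row reads "parent depends on child".
RELATIONSHIPS_CSV = """parent,child
Logistics,SAP
CRM,SAP
CRM,uk-iis05
Finance,SAP
sap,UK_APPS01
SAP,uk_apps03
Finance,UK_IIS08
"""


def norm(name):
    """Fold case, spaces and hyphens so 'uk-iis05' matches 'UK_IIS05'."""
    return name.strip().upper().replace("-", "_").replace(" ", "_")


def load_map(entities_csv, relationships_csv):
    """Return (entities, depends_on, supports, unknown) from the two tables."""
    entities = {}
    for row in csv.DictReader(io.StringIO(entities_csv)):
        entities[norm(row["name"])] = row["type"].strip().lower()
    depends_on = defaultdict(set)  # parent -> children it relies on
    supports = defaultdict(set)    # child  -> parents relying on it
    unknown = set()                # named in a relationship, not inventoried
    for row in csv.DictReader(io.StringIO(relationships_csv)):
        parent, child = norm(row["parent"]), norm(row["child"])
        unknown.update(n for n in (parent, child) if n not in entities)
        depends_on[parent].add(child)
        supports[child].add(parent)
    return entities, depends_on, supports, unknown


def walk(start, edges):
    """Every node reachable from start along edges; safe against cycles."""
    origin = norm(start)
    seen, stack = set(), [origin]
    while stack:
        node = stack.pop()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    seen.discard(origin)
    return seen


def what_supports(service, model):
    """Top down, service focused: what supports this service?"""
    _, depends_on, _, _ = model
    return sorted(walk(service, depends_on))


def impacted_services(component, model):
    """Bottom up, component focused: which services could be affected?"""
    entities, _, supports, _ = model
    return sorted(n for n in walk(component, supports)
                  if entities.get(n) == "service")


if __name__ == "__main__":
    model = load_map(ENTITIES_CSV, RELATIONSHIPS_CSV)
    print("Logistics is supported by:", what_supports("Logistics", model))
    print("UK_APPS01 outage affects:", impacted_services("uk-apps01", model))
    print("Referenced but not in inventory:", sorted(model[3]))
```

The `unknown` set is the audit finding: a dependency that names something missing from the entity inventory, which is the kind of gap the ID.AM-1 inventory requirement on slide 7 is meant to close.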
28 Thank You
Improving Infrastructure change and risk planning
Half day workshops 1st/2nd March (With Networks Centre) - Poulton, Glos and Horsham, West Sussex
Websites: videos, downloads
More informationFramework for Improving Critical Infrastructure Cybersecurity
Framework for Improving Critical Infrastructure Cybersecurity November 2017 cyberframework@nist.gov Supporting Risk Management with Framework 2 Core: A Common Language Foundational for Integrated Teams
More informationCybersecurity Framework
Catherine Bruder Shareholder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Cybercrime Economic Impact Cybercrime is costing the global economy $575 billion and the
More informationSecurity In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.
Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property
More informationThe HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information
The HITRUST CSF A Revolutionary Way to Protect Electronic Health Information June 2015 The HITRUST CSF 2 Organizations in the healthcare industry are under immense pressure to improve quality, reduce complexity,
More informationCYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS
CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS WILLIAM (THE GONZ) FLINN M.S. INFORMATION SYSTEMS SECURITY MANAGEMENT; COMPTIA SECURITY+, I-NET+, NETWORK+; CERTIFIED
More information<Insert Picture Here> Enterprise Data Management using Grid Technology
Enterprise Data using Grid Technology Kriangsak Tiawsirisup Sales Consulting Manager Oracle Corporation (Thailand) 3 Related Data Centre Trends. Service Oriented Architecture Flexibility
More informationINCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft
Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationProtecting Critical Infrastructure from Our Bad Habits
Protecting Critical Infrastructure from Our Bad Habits Jerry L. Bowman, RCDD, RTPM, NTS, CISSP, CPP, CDCDP Square Mile Systems - US Bethel, Ohio, USA David Cuthbertson, MBCS, MIOD Square Mile Systems -
More informationCISO as Change Agent: Getting to Yes
SESSION ID: CXO-W02F CISO as Change Agent: Getting to Yes Frank Kim Chief Information Security Officer SANS Institute @fykim Outline Catch the Culture Shape the Strategy Build the Business Case 2 #1 Catch
More informationDiscussion Draft of the Preliminary Cybersecurity Framework August 28, 2013
1 Discussion Draft of the Preliminary Cybersecurity Framework August 28, 2013 2 3 A Discussion Draft of the Preliminary Cybersecurity Framework for improving critical 4 infrastructure cybersecurity is
More informationCase Study Automating Data Centre Infrastructure Diagrams
Case Study Automating Data Centre Infrastructure Diagrams Daniel Nunn, UK Data Centres Manager ICM Business Continuity ICM Overview Phoenix IT Group 2400 employees Acquired ICM in 2007. Other group companies
More informationLeveraging COBIT to Implement Information Security
DISCUSS THIS ARTICLE Leveraging COBIT to Implement Information By John Frisken, CA COBIT Focus 5 May 2015 In delivering IT security consulting services to large enterprises in Australia, particularly in
More informationCrises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.
Crises Control Cloud Security Principles Transputec provides ICT Services and Solutions to leading organisations around the globe. As a provider of these services for over 30 years, we have the credibility
More informationSecurity Models for Cloud
Security Models for Cloud Kurtis E. Minder, CISSP December 03, 2011 Introduction Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer
More informationSirius Security Overview
Sirius Security Overview Rob Hoisington IT Security Consultant www.siriuscom.com 8/18/2017 1 Rob Hoisington IT Security Consultant - CISSP, GLEG, GCIH Robert.Hoisington@siriuscom.com - 757.675.0101 Rob
More informationCybersecurity 201 THE NEXT STEP. Restaurant.org/Cybersecurity
Cybersecurity 201 THE NEXT STEP Restaurant.org/Cybersecurity About This Guide As a restaurant owner, you routinely safeguard things of value to your business. You put cash and receipts in a register or
More informationICT Mentors e-learning portfolio provides our delegates with materials for study at the comfort of their homes, work place etc.
ICT Mentors e-learning portfolio provides our delegates with materials for study at the comfort of their homes, work place etc. We provide white labelled training packages and courses in: ITIL COBIT 5
More information