SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications
Agenda for discussion 1. Security Posture 2. The effectiveness gap 3. CISO perspective 4. Maturing the security posture 5. A case study 6. In Summary
Congratulations SINGAPORE!! Survey by the UN International Telecommunication Union (ITU) rated Singapore as Top in the world based on its - Legal, technical and organisational institutions, - educational and research capabilities and - cooperation in information-sharing networks. SECURITY POSTURE?
Security posture defined The security status of an enterprise s networks, information and systems is based on resources (people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.** WHY To eliminate a false sense of security, strategic alignment with business WHAT Approach a business takes to security, from planning and implementation to operations HOW Technical and non-technical policies, procedures and controls to prevent and protect against threats ** NIST Glossary of Key Information Security Terms
Security posture Strategy for C-suite alignment USABILITY RISK COST REGULATIONS & COMPLIANCE
False sense of security Use of a weak algorithm Auditing level lacks the necessary details Deployment without customization No consistent process Assume that the data is secure Exclusion of employee s workstations from scope
The Security Effectiveness gap Ransomware Supply Chain Ecosystems State Sponsored Phishing Key Loggers Cyberespionage Denial-of- Service Gap to be bridged CAPABILITIES Skill issues Operational gaps Technology efficiency
Approach for Security posture A CISO perspective Vision and Plan Execution Operations Management support Digital Enablement Skill Alignment Cloud Adoption
Approach for Security posture A CISO perspective Vision and Plan Execution Operations Strategy Roadmap & Investments Compliance Regulations, Standards, Best Practices Service Management SLAs, OLAs Architecture Maturity & Integrations Identity & Access Trust, Authentication, Privileges Reporting Measurement, Trends, Self service Governance, Risk Visibility & Engagement Data & Apps Classification, Loss Prevention Assessment Cyber Detection, Prediction, Response
Maturing the security posture Vision and Plan AS-IS State Proactive Know your security posture Risk in the business context Security plan across the connected eco-system
Maturing the security posture Execution AS-IS State Proactive
Maturing the security posture Operations AS-IS State Proactive
Customer case study: One of the most recognised and valued Consumer Products brand in APAC Vision and Plan Execution Operations Strategy Roadmap & Investments planning 2015 Compliance Best Practices end to end Vulnerability management 2015 Service Management MSSP based SOC On Going Architecture Layered model 2015 Identity & Access Trust, Authentication, Privileges Reporting MSS Portal On Going Governance, Risk Visibility & BoD engagement 2015 Data & Apps Web application security and attack prevention Q3 2015 Cyber SOC and Threat management Q4 2016 Approach to enhancing the security posture for this enterprise
Applying the Strategy Get Going Initial months 6 months & beyond Build self awareness Build a cyber risk oriented process for investment strategy Engage specialists including cloud and managed service provider Identify the right governance team with C suite support Consider all assets Facilitate information sharing and collaboration
Thank You QUESTIONS & FEEDBACK