Global Security Consulting Services, compliancy and risk assessment services

Transcription:

Global Security Consulting Services, compliancy and risk assessment services
Introduced by Nadine Dereza
Presented by Suheil Shahryar, Director of Global Security Consulting

Today's Business Environment
+ Businesses today depend heavily on access to electronic information
+ Security breaches can cause significant financial and/or reputation damage
+ Sources could include:
  - Individual hackers
  - Corporate espionage
  - Disgruntled employees
  - Business partners
+ It is essential to all organizations to understand the strengths and weaknesses of their security posture
+ Third party assessments are recommended and/or required by many regulatory bodies

IDC Security Services Forecast
Market for Security Consulting to grow by 20% per year through 2007
[Chart: $ Million by year, 2002 to 2007; legend: Strategy Assessments Compliance Audit Architecture IR & Forensics. Source: IDC]

About Global Security Consulting

Industries We Work With
+ From large global organizations to niche companies in different industry sectors.

Compliance and Your Business
+ Sarbanes-Oxley (US), FSA (UK), European Data Directive and Payment Card Industry and other regional and national regulatory requirements.

Our Approach
+ Holistic and life cycle approach, paying attention to people, process, and systems.

Our Expertise
+ Over 90 percent of our consultants are CISSPs. Our consultants average 10 years of industry experience.

The Value of VeriSign
+ We're a security company with a consulting practice. We have a unique insight into emerging threats and security trends. We have unparalleled experience with over 14 billion internet interactions, 3 billion telephony interactions, and $100M of e-commerce daily.

Success Stories
+ Executive summaries of key projects

Industries We Work With
We help where risks are highest.
+ FTSE 100 and Fortune 1000: Top stock market companies are half our business.
+ Finance: Financial institutions know we can help with Basel 2, FSA, and SOX.
+ Telecoms: Telecom companies count on us for full-featured security.
+ Technology: Technology companies rely on our industry-wide experience.
+ Life Sciences: Life Sciences earn compliance with FDA 21 CFR Part 11.
+ Retail: Retailers turn to us for Payment Card Industry assessments.
+ Manufacturing: Manufacturers find security and reliability serve profitability.

Our Approach
Security isn't just about security, it's about your business.
+ Putting your business first
  - Security isn't just about IT, it's about your business. We've been in your world, shared your experience.
+ Weighing people and process, not just systems
  - Security is more than system controls. A great infrastructure isn't enough. Improving behaviour, culture, and design is essential.
+ Using industry standards as the baseline
  - Our work is built on the solid foundation of standards of good practice such as ISO27001 and BS7799.
+ Using tools that are industry tried and tested
  - We use techniques and technologies that have been generally accepted in the industry.
+ Looking beyond your firewall
  - We look at connections your business has to make sure relationships don't increase your risk.

Our Expertise
+ Global organization with local presence
  - EMEA
  - N. America
  - Australia
  - Japan
+ Experienced security professionals
  - 100+ professional consultants
  - 10 years average security experience
  - 95% of personnel CISSP certified
+ Recognized conference speakers
  - Black Hat, SANS, Gartner, RSA, Information Security Forum
+ Centre for excellence methodology
  - Best-of-breed methodologies and tools to ensure consistent and high-quality delivery of services
  - Virtual communities of thought leaders promoting knowledge sharing and continuous learning

The Value of VeriSign
Unmatched security intelligence
+ A security company with a consulting practice
  - From the beginning, our focus has been on providing objective and independent advice and recommendations to our customers and partners.
+ A global presence with an integrated vision
  - We have unique insight into emerging threats and security trends, and the ability to collect intelligence from across the world
+ Unparalleled expertise and experience
  - 3M content interactions, 100M news articles served, 15B address requests, 400M calls, 30M retail transactions and 1.6B security events

Services To Meet Your Security Needs

Customer Needs | Consulting Services
Evaluate your business-wide security? | (1) Enterprise Security Assessment
Achieve compliance for your business? | (2) Regulatory Compliance Assessment
Identify vulnerabilities in your systems? | (3) Technical Security Assessment
Go for ISO 27001 certification? | (4) ISO 27001 ISMS Implementation
Build security into your company's culture? | (5) Security Policy and Programme
Strengthen your infrastructure? | (6) Security Architecture and Design
Control who has access to your systems? | (7) Identity and Access Management
Respond quickly to security breaches? | (8) Incident Response and Forensics
Survive disasters and continue business? | (9) Business Continuity & Disaster Recovery

Sample Success Stories

Financial Institution Case Study

Business Need
A major financial transaction processor needed to be in compliance with financial regulations, including Sarbanes-Oxley, and to secure transaction data both in storage and in transit.

Key Challenges
+ Numerous regulations governing its operations
+ Implementing security in the software development lifecycle

Solution
Over the past year our team has delivered a set of consulting services that helped advance the company's security programme quickly, while addressing the various regulatory and industry requirements the company faced.
Key services we provided:
+ Interim Deputy CSO Services
+ Policies and procedures development
+ Security architecture improvements
+ Security awareness and training programme
We continue to support the company through more advanced security initiatives.

Results
Our initial successes included:
+ Re-architecting the network in a more secure manner
+ Finalizing policies and procedures
+ Helping choose key technologies such as an incident detection system (IDS)
+ Implementing the security awareness programme
In addition, we developed a business process whereby security was ingrained into the software development lifecycle (SDLC) so that when new applications (or new projects) were developed, there was a process by which the security team was consulted for risks.
Finally, we implemented more advanced projects:
+ Implementing and providing oversight over the SDLC
+ Managing the rollout of host-based intrusion detection
+ Leading efforts to provide better security at the company's facilities in India
Overall the company is performing better in audits and has a better control on the security risks that are inherent in their business, both domestically and internationally.

Telecommunications Case Study

Business Need
A mobile telecommunications company needed a security partner to assess and secure its new, state-of-the-art mobile infrastructure, including voice, data, and other value-added services.

Key Challenges
+ The existing network was large, complex, and constructed without particular concern for security.
+ As in most countries, near-100% availability was required.

Solution
We served as the company's security partner, providing a complete suite of consulting services. In addition to assessment and vulnerability mitigation work, we developed policies, procedures, and standards. We helped the client select and apply appropriate technical, procedural, and logical security measures. Finally, we developed plans for the monitoring and management of those measures.

In Phase 1, Security Assessment, we performed a full assessment that included:
+ Architecture and technology reviews
+ System hardening reviews
+ Network penetration testing
+ Technical vulnerability assessments
+ Business impact assessments
+ Enterprise security assessments

In Phase 2, Security Architecture, we worked with the company to build a comprehensive security architecture that included:
+ Information security policy
+ Information security standards
+ System hardening procedures
+ Network security architecture and design
+ Security department organization programme
+ Security awareness programme
+ Disaster recovery and business continuity plans
+ Security certification programme design

In Phase 3, Security Application, we helped the company put the programme into place:
+ Technology and product selection
+ Product implementation roadmap
+ Implementation guidance and support
+ Post implementation audit

In Phase 4, Security Management, we provided:
+ Security operations procedure documentation
+ Incident response plan
+ Managed services plan

Results
We helped the company achieve its key security goals.
+ We helped the IT staff learn to build security awareness into their work style, and also how to escalate and deal with serious security issues.
+ We performed successful penetration tests on the core telecoms network via 3G/GPRS.
+ We realigned security responsibility, setting up approval policies, standards, and procedures, and conducted a successful security awareness campaign.
+ We deployed a complete security architecture that addressed all relevant devices from a monitoring, management, and procedural perspective.
+ The network architecture was reconfigured to align with security best practices, and the devices on the network were secured to documented standards.
+ We deployed security devices, such as firewalls and intrusion detection systems, and provided for their ongoing monitoring.
