TRANSCRIPT
India-US Information Security Summit 2004
Arshad Matin, Executive Vice President
Product and Technology Operations
Best Practices for Securing an Enterprise Environment
Agenda
• Security Imperatives
• Enterprise Best Practices
• Implementing Best Practices
95% Averted With Proper Policies, Systems Configuration and Current Patches Deployed
Key Drivers
Growing Regulatory Requirements
• Sarbanes-Oxley
• Basel II
• HIPAA
• GLBA …
Increasingly Challenging IT Environment
• Security Attacks
• Disparate Technologies
• Proliferation of Access Devices/Points
Increased Focus on Security
• C-level Visibility
• Top Business Priority
• Growing Investments
New Business Challenge: Surrender, You Are Surrounded!
• Multiple regulations impact IT Security Controls
• Multiple investments in compliance capabilities, both staff & technologies
• Multiple stakeholders — Auditors, C-level, Security/Compliance Officer, CIO, and others
[Diagram: "You Are Here" at the centre, surrounded by SEC, Patriot Act, SOX, Basel Accords, CA SB 1386, HIPAA, GLBA, EU, Canadian Privacy]
New Internal Challenge: Multiple Stakeholders = Complexity
[Diagram: stakeholders Security / IT / Risk Directors, CFO, Legal, COO, Internal Audit, External Audit; domains Perimeter Security, Security Audit, Servers, Desktops, User Management, Others …]
Looking for Shared: Language, Experience, Expectations …
Agenda
• Security Imperatives
• Enterprise Best Practices
• Implementing Best Practices
IT Risk Management Lifecycle
[Lifecycle diagram: IT Security & Compliance at the centre; stages Define Rules, Publish, Assign, Notify, Audit/Analyze, Remediate, Certify/Verify, Repeat]
Technologies Leveraged: Policy-based Compliance Strategy
[Diagram: Security Policy (based on ISO 17799 / BS7799 or similar) derived from Best Practices, Business Requirements, Basel II, EU, SOX, COBIT, Others …; technologies leveraged: System Documentation, User Management, Patch Management, Configuration Management, Vulnerability Management, Perimeter Security, Security Monitoring, Others …]
Agenda
• Security Imperatives
• Enterprise Best Practices
• Implementing Best Practices
Enterprise Security: Best Practices Group does more …
Source: 2004 Global Information Security Survey, CIO Magazine, 15-Sep-2004 issue
Enterprise Security: Best Practices Group yields results …
Source: 2004 Global Information Security Survey, CIO Magazine, 15-Sep-2004 issue
IT Security and Compliance: Best Practices now a global requirement …
• For BPO — full awareness of and attention to all "global" regulations affecting your partners
• For IT offshoring companies — the ability to implement and operate policy-based IT management
• For software companies — safe, secure coding standards, such as CIS, ISO, CobiT …
• For an enterprise — IT security and compliance standards that protect your business from all "threats", internal and external, local and global