jan 30 2010 - confederation of indian industry · microsoft powerpoint - muralikrishna.ppt...
TRANSCRIPT
![Page 1: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/1.jpg)
Jan 30th 2010
M li K i h KMurali Krishna KVP & Group Head - Computers & Communication Division
Infosys Technologies Ltd.
Confederation of Indian Industry©1
![Page 2: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/2.jpg)
C t d Lif t lConnected Lifestyle◦ Social networking◦ Borderless sharing of Information
Pervasive Computing◦ Increased footprint of intelligent devices
Network is the “Internet” blurring boundaries◦ Network is the Internet , blurring boundaries◦ On-demand computing power.. Cloud based
Digital Consumers & New CommerceDigital Consumers & New Commerce◦ Mobility - Self Service – Personalization◦ Increased transaction volumes – New payment modes
Smarter Organization◦ Simplify – Connect – Collaborate◦ Sustainability thru automation
Confederation of Indian Industry©
Privileged & Confidential2
◦ Integrated security posture
![Page 3: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/3.jpg)
Connected Lifestyle◦ Social Engineering - Identity & Intellectual Property thefts
Pervasive Computing◦ Un-patched, wrongly configured devices◦ Access to compute power on demand with malicious intent◦ Access to compute power on demand with malicious intent◦ Poisoned community Images in virtualized environment◦ Data Privacy
Digital Consumers & New Commerce◦ Identity Thefts and Targeted “for profit” attacks◦ Vulnerabilities at application layer
Smarter Organization◦ Abuse of Access to information
Confederation of Indian Industry©
Privileged & Confidential3
◦ Mobile/ Distributed workforce
![Page 4: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/4.jpg)
Insider abuse of access to dataTheft of Proprietary InformationMisuse of Internet accessInfringement of Intellectual PropertyVirus, Worms, Spyware, P2P, ….Attacks on Internet exposed systemsUnauthorized SoftwarePhysical access to facilitiesSecuring virtual environmentsSecuring end-points, network, content, application…..
Confederation of Indian Industry©
Privileged & Confidential4
![Page 5: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/5.jpg)
Input Security Management Outputg
Process and policy changes
Trends and applications of new technology &
Audits & Risk assessments Review
S
changes
System changes
technology & concepts
Analysis of metricsSecurity Measures
Requirements in
Infrastructure investments
Incidents
qcontracts
Employee education / HR interventions
Confederation of Indian Industry©
Privileged & Confidential
![Page 6: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/6.jpg)
Security by design, not an after thought… Illustrating a few activitiesa few activities,
Formal risk assessment exercise of “what can go wrong” and “mitigation strategies”g g
Compliance to the regulatory environment Readiness on a continuous basis and not on the eve of the
auditauditRobust and independent internal audit mechanismPeer group collaboration for pro-active security posture Regular and periodic interaction with security agenciesRegular and periodic interaction with security agenciesContinuous Communication◦ Awareness, quiz, channel for whistleblower, security tips, etc.
Confederation of Indian Industry©
Privileged & Confidential6
![Page 7: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/7.jpg)
Analysis-based continuous improvements with right measurements … Typical metrics applicable are,
Health Management Metrics for systems (Desktops/laptops/server/switches/etc.) - Patches, Anti-Virus/Spam
Software management Metrics – authorized/unauthorized, License compliancecompliance
Identity Life Cycle Management Metrics – Access provisioning / revocation / monitoring
Reconciliation Metrics – IT asset inventory with health management systemsChange Management Metrics – Unapproved changes, Post facto approvals Audit Metrics – Compliance monitoring, configuration monitoringIncidents Metrics – Security incidents, data loss, IP and copyright violationBCP & DR Metrics – BCP Tests conducted DRRs trainedBCP & DR Metrics – BCP Tests conducted, DRRs trained Physical Security Metrics – Access control, inventory controlHR Metrics – Background verifications, disciplinary actions
Confederation of Indian Industry©
Privileged & Confidential
![Page 8: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/8.jpg)
We need the right mix of Governance, Technology & Automation
Patch Compliance from OS to Application & Configuration compliance
Security Measures with monitoring toSense-and-Respond capabilities
Application development toTrusted Application development methods
Security measures in Silos toIntegrated Security posture
Confederation of Indian Industry©
Privileged & Confidential8
![Page 9: Jan 30 2010 - Confederation of Indian Industry · Microsoft PowerPoint - Muralikrishna.ppt [Read-Only] [Compatibility Mode] Author: srho Created Date: 3/18/2010 7:52:45 AM](https://reader034.vdocuments.us/reader034/viewer/2022050406/5f8349528fb0f9127c4918a5/html5/thumbnails/9.jpg)
Confederation of Indian Industry©9