sirius security overview - ncmgm.memberclicks.net · – client security roadmap and initiatives...
TRANSCRIPT
www.siriuscom.com 8/18/2017 2
Rob Hoisington is a Security Architect and member of the IT Consultant team for Sirius Computer Solutions. Robert holds a Masters of Science degree in Information Technology from University of Maryland University College and he is an alumnus of the U.S. Military Academy at West Point where he received a Bachelors of Science in Computer Science.
Rob has been with Sirius Computer Solutions for 5 years. During this time he has worked with clients in a wide variety of industries including banking, insurance, education, healthcare, manufacturing, distribution, and utilities - addressing a wide variety of security, regulatory, and disaster mitigation challenges.
Prior to joining Sirius, Rob worked for the U.S. Army as a Signal Corps Officer where he was responsible for technical teams as well as security, networks, and systems both in the U.S. and deployed overseas.
Rob is married, has 3 kids, and lives in Spring Hill, Tennessee.
Rob HoisingtonIT Security Consultant - CISSP, GLEG, [email protected] - 757.675.0101
www.siriuscom.com 8/18/2017 4
– Introductions– Sirius Consulting Approach and Portfolio (high level)– Sirius Security Capabilities
• Security Consulting Services• Security Solutions
– Client Security Roadmap and Initiatives– Next Steps
Agenda
www.siriuscom.com 8/18/2017 6
Consulting Services PortfolioEnterprise Consulting• Interim CIO and CISO Services• Digital Workspace• Internet of Things • IT Strategic Roadmaps• IT Service Management• Technology Solution Evaluation• Process Optimization Assessments• Cost Reduction Assessments• Business Impact and Technology Investment
Justification • Insourcing/Outsourcing Assessments• M&A Due Diligence and Integration• Telecommunications• Imaging and Print Services• Organizational Assessments
Data Center Transformation• Data Center Models
• Private• Cloud• Hybrid
• Data Center Functions• Production• Disaster Recovery• Other
• Data Center Services• Strategic Planning and Budgeting• Current State Inventory• End State Design • Detailed Implementation
Planning and Budgeting• Implementation and Testing• Implementation Post Mortems
DevOps Transformation• End-to-End DevOps Lifecycle• SDLC & Application Lifecycle Management, Agile,
Waterfall, Continuous Release and Deployment • Operations Optimization• Infrastructure Best Practices• ITIL, CMMI, Scaled Agile Framework (SAFe), Lean, and
Six Sigma Best Practices• Data Strategy• Quality Assurance Best Practices and Test Automation• Cloud Computing• Infrastructure as Code (IaC) • Security, Regulatory, Governance and Controls
Risk, Security, and Compliance• Security Governance Review• Enterprise Risk Assessment & Security
Posture Services• Data Criticality Assessment• Vulnerability Assessments• Technical Security Architecture Review• HIPAA/HITECH & MU Assessment• PCI Assessment
• Security Policy Services• Employee Security Awareness• SIEM/MSSP Assessment• Executive Security Consulting Services• Penetration Testing• Social Engineering• Forensics• Code Risk Assessments
Business Continuity & IT/DR• BC & IT/DR Current State Assessment• Business Impact Assessment (BIA & µBIA)• Emergency Preparedness Action Planning• Architecture Standards for Continuity &
Recovery• Declaration Process Plan
• Tabletop Exercise Facilitation
• IT/DR Exercise Planning & Coordination• BC Program Awareness Consulting• Incident Response Planning• Enterprise Communication Planning• Family Support Reponses Program
www.siriuscom.com 8/18/2017 8
– Vendor neutral and consultative– Primary focus is to understand/develop customer requirements including via
assessment if necessary. • Understand current client environment• Understand security drivers (high risk data, privacy, compliance, incidents, etc.)
– Jointly develop an approach to meeting requirements• May include People, Policy, Process, Governance, and Technology • Solution/Remediation plan or may not include Sirius capabilities if best fit for client
is something we don’t offer
As a systems integration company, the full Sirius engineering team stands behind the ITC to assist with security implementation services and remediation, including a large
number of partner brand skills and services – most competitors can’t offer the breadth of internal resources and partnerships that Sirius brings to the table for implementation and
remediation services.
Sirius Security Principles and Approach
www.siriuscom.com 8/18/2017 10
– Compliance• PCI DSS, NIST, FISMA, HIPAA, ISO, etc.
– Assessments• Penetration Testing, Network Vulnerability, Web App Vulnerability• System Security Configuration Reviews• Information Criticality Workshop
– Governance• Third Party Vendor Management, Program Development, Security Awareness
– Incident Response• Physical, Technical, Plan Development, Retainer
– Digital Forensics• Imaging, Extraction, Analysis, Preparation for Counsel, Expert Testimony
– Executive Security Consulting Services– Presales Consulting
• Security Architecture Review (SAR) Workshop• Security Solution Development
Sirius Security Consulting Services
www.siriuscom.com 8/18/2017 11
Security Solutions– Vulnerability
Management– Patch/System
Management– Traditional Endpoint
Security– Next Generation
Endpoint Security– Next Generation
Firewall– Network Access Control– Content Filtering/Proxy– Email Security– Security Incident Event
Management– IPS/IDS
– Application Protection– Identity and Access
Management– Database Security– Remote Access– Multi-Factor
Authentication– Web Application Firewall– Endpoint Incident
Response– Cloud Security– Privileged Identity
Management– Managed Security
Services
– GRC Platforms– Data Loss Prevention– Network Management
and Audit– Network Taps– SSL Decryption – Mobile Device
Management– Unstructured Data
Security– Encryption– Data Center
Segmentation
www.siriuscom.com 8/18/2017 12
Sirius Security Solutions and Services Partners
…and more
www.siriuscom.com 8/18/2017 13
Sirius Security Solutions NIST Cyber Defense Matrix View
Recover
Technology PeopleProcess
Devices
Applications
Networks
Data
Users
Degree of Dependency
RespondDetectProtectIdentify