yhcg - it security and risk management
TRANSCRIPT
~ Aegis ~ Product overview
Yellow House Consulting Group
Copyright © 2014-15 yhcg.in
Beyond Firewalls
Protection & Performance
IT assessments bring in IT discipline and a reality check, and ensure continuous IT maturity and readiness for the organization
80% of large and 60% of small organizations experienced at least one “malicious security incident” in 2014
60% of Indian IT professionals feel organizations cannot protect themselves from cyber attacks
Why IT Security and Risk Management ?
Yellow House Consulting Group Aegis ~ IT Security & Risk Management
DDoS, Web applications, and IT infrastructure attacks represent some of the most critical threats to enterprises today ~ Akamai security report, Q4, 2014
Hackers used email information from the Mumbai firm “Mallak Specialities Pvt Ltd” to fleece the firm into depositing money into bank accounts ~ 27-OCT-2014 - HC directs CBI to investigate
19% of incidents are a result of insider privilege misuse – Verizon Report
The ONLY way to strengthen and test your IT systems' effectiveness, efficiency & IT security readiness is periodic systems assessment and vulnerability testing by a systems vendor
Why IT Security and Risk Management ?
IT security and risk management Objectives
Common IT assessment Observations
What we are confident of – YHCG IT services lines
IT for Business transformation
What after IT assessment ?
Index
Alignment of Business requirements with existing IT Support Systems
Availability of mature and cost effective IT systems – for negligible down time
Security – Accessibility to ONLY authorized users, prevention of data theft and of vulnerability to unwarranted intrusions and attacks
…contd.
Risk Management Objectives – what we look for ?
Capability – Provide users with necessary tools and solutions to efficiently and effectively do their jobs and be flexible in adapting to changing business needs
Competitiveness – IT being used as a business enabler for competitive advantage
Risk Management Objectives – what we look for ?
No pre-defined IT Strategy hence absence of Business-IT Alignment
No SOP made available for Policy reference and Security Implementation
Absence of IT Security & Configuration management (baseline & setup) plan
Critical lapses in IT operations control leading to attack vulnerability …contd.
Common Observations during assessment
No IT Disaster Recovery Plan for Business Continuity
Low level of IT Security Maturity, IT Ops Control, Configuration Management, Data Loss and Theft prevention
No evidence of IT being used as an enabler to transform business
Common Observations during assessment
Organization’s IT Setup – managed by a quality team having pre-defined KPAs and responsibilities (in-house and/or outsourced)
IT Framework – to implement IT Security policies and Operation Control Systems
IT Role - to facilitate, support and steer the organizational goals as a Business Transformational Agent
…contd.
Post Assessment Implementation by YHCG
Secure IT Network Architecture – Network overhauled and re-postured due to lack of security controls & concepts like zoning & DMZ
Security management and IT ops monitoring software Implementation
IT Vulnerability - Overcome IT Operational Control weaknesses and implement governance framework & security policies to mitigate Business-IT risks
…contd.
Post Assessment Implementation by YHCG
DLP (data loss prevention) - to be implemented at the organization level
Disaster Recovery Plan - to be developed to support the organization’s Business Continuity Plan
IT Cost Control – evaluate early adoption of Hybrid Cloud solutions, Server Virtualization and Open Source Software to reduce cost, improve infra manageability and maintain high availability of certain data & software services
…contd.
Post Assessment Implementation by YHCG
Secure Connectivity - evaluate cost and implement VPN connectivity for more secure connectivity between HO & branches
IT Planning – Short / Long Term plans and Vision which include:
Processes - tuned & in alignment with Business needs
Systems - operational control and overhaul
People - optimally sized trained staff augmentation to satisfy new necessary roles and responsibilities
Post Assessment Implementation by YHCG
Smart & Disciplined IT implementation can help to solve specific business complexities and help do business effectively and efficiently
In today’s fast paced business environment, it is about managing your systems & data optimally so that it will transform your business
Excellence in Technology Implementation is the best way to put distance between a company and its competitors
IT should not be adopted just for IT's sake
IT Myth : ~ more resources, extra cost, more hardware & software
- but best-in-class practices prove otherwise
IT for Business Transformation…
IT systems & software setup, Network & IT Security Grade - assessment
Secure Network Design and implementation (Small and Medium businesses)
Data Loss Prevention (DLP) – design and implementation
Cyber defence – assessment, design and implementation
Vulnerability assessment & Penetration Test (VAPT)
Identity and access management - design and implementation
Hybrid Cloud – design & implementation
YHCG service lines ……..
What after IT assessment ?
Yellow House Consulting Group Aegis ~ IT assessment Overview
Thank you !
Yellow House Consulting Group www.yhcg.in