Mobility Security - A Business-Centric Approach
0 likes490 views
The document discusses a business-centric approach to securing mobile environments, emphasizing the importance of a data-centric security model that involves inventorying, classifying, and protecting data. It outlines various technologies and methodologies for risk assessment and incident management, along with the significance of application and data governance. Additionally, it highlights the role of mobility and cloud technology as key enablers of top business technology trends.
Mobility Security - A Business-Centric Approach
- 1. Securing Mobile: A Business-Centric Approach Omar Khawaja February 2013
- 2. Mobility this week… @smallersecurity Borderless networks RCS, Joyn SIP, IP MDM Monetization Means vs. End
- 4. 1980 19901970 20102000 Difference? Have a closer look: its really not that different. @smallersecurity
- 5. Top Business Technology Trends Video Social Enterprise Big Data Enterprise Clouds High-IQ Networks M2M2P Compliance Energy Efficiency Consumerization of IT Personalization of Service @smallersecurity
- 6. What’s the common theme across top technology trends? @smallersecurity
- 7. Video Big Data Enterprise Clouds High-IQ Networks M2M2P Compliance Social Enterprise Energy Efficiency Consumerization of IT Personalization of Service DATA @smallersecurity
- 8. Mobility and Cloud fuel each of these trends. @smallersecurity
- 9. Security is about Risk ThreatsVulnerabilitiesAssets‘Risk’ @smallersecurity
- 12. 11 Programs and Technologies Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical & Environment Security Communication & Ops Mgmt Access Control Info Systems Acquisition, Dev, & Maintenance Info Security Incident Management Business Continuity Management Compliance @smallersecurity
- 13. 12 Programs and Technologies App Security Anti-X Configuration Management DLP Encryption IAM, NAC Patching Policy Management Threat Management VPN Vulnerability Management … @smallersecurity
- 15. MultipleSingle Security Technology Sets Single Multiple Security Programs App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … App Security Anti-X Config Mgmt DLP Encryption IAM, NAC Patching Policy Mgmt Threat Mgmt VPN Vuln. Mgmt … Risk Assessment Security Policy Organization of Info Security Asset Management Human Resources Management Physical& Environment Security Comms& OpsMgmt Access Control Info Systems Acquisition, Dev, & Maint. Info Security Incident Management Business Continuity Management Compliance Multiple Approaches Worst Case Nirvana Good Really? @smallersecurity
- 17. Data-Centric Approach (Follow the data) Inventory (must) Classify (must) Destroy* (ideal) Protect Monitor @smallersecurity
- 18. Data-Centric Security Model Data-centric security is business-centric security @smallersecurity
- 19. To protect the data, protect what’s around it too Data-Centric Security Model @smallersecurity
- 20. GRC and Intelligence define security program Data-Centric Security Model @smallersecurity
- 21. Start with assets, end with the controls Data-Centric Security Model @smallersecurity
- 22. How do we execute? @smallersecurity
- 23. Data-Centric Security: A Recipe Implement Control Requirements Monitor Control Effectiveness Entitlement Definition Mobile Environment Definition Inventory Users Define Business Processes Destroy Data Inventory Data Categorize Data @smallersecurity
- 25. What about Apps? Can’t impede app proliferation, but how do you know which to trust? 30 billion app downloads from Apple's App Store Apps have overtaken browsing @smallersecurity
- 26. What about the Network? (It’s not just for transport) @smallersecurity
- 27. Key security imperatives: 1) Data Governance 2) Application Governance @smallersecurity
- 28. Doing things right ↓ Doing the right things Business Context Follow the data Network can help Simplify security program Apps matter @smallersecurity
- 31. This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon’s service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon’s products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners. PROPRIETAR Y STATEMENT @smallersecurity
- 32. Security Leadership Why Verizon? Industry Recognition Largest & highly rated MSSP (Frost & Sullivan, Gartner, Forrester) Founding and Executive Member of Open Identity Exchange Security Consulting practice recognized as a Strong Performer (Forrester) ICSA Labs is the industry standard for certifying security products (started in 1991) Credentials More PCI auditors (140+ QSAs) than any other firm in the world HITRUST Qualified CSF Assessor Actively participate in 30+ standards / certification bodies, professional organizations and vertical specific consortia Personnel hold 40+ unique industry, technology and vendor certifications Global Reach 550+ dedicated security consultants in 28 countries speak 28 languages Investigated breaches in 36 countries in 2011 7 SOCs on 4 continents manage security devices in 45+ countries Serve 77% of Forbes Global 2000 Experience Verizon’s SMP is the oldest security certification program in the industry Analyzed 2000+ breaches involving 1+ Billion records Manage identities in 50+ countries and for 25+ national governments Delivered 2000+ security consulting engagements in 2011 ISO 9001 ISO 17025
Editor's Notes
- #2: http://gsourceg.com/images/products/product-010.jpg