Data Driven Infosec Services

A new approach to information security services

10011101101110111011101110101010000010011010010011001111011000011001111000

A data-driven services portfolio

We’re competing in a lemon market ...now what ?

10011101101110111011101110101010000010011010010011001111011000011001111000

The service provider that understands the art of making use of datawins the trust of the client.

“

”

Data driven services

penetration testing

vulnerability management

securitymonitoring

incidentresponse

SDLCservices

securityarchitecture

10011101101110111011101110101010000010011010010011001111011000011001111000

Data driven services

collect

store

analyze

- create data model per service- ensure consistent collection

- create security data warehouse- store data according to data model

- create analysis use cases- generate intelligence from collected data

10011101101110111011101110101010000010011010010011001111011000011001111000

Data modelspenetration testing

10011101101110111011101110101010000010011010010011001111011000011001111000

Client

VerticalSize ($)

HeadcountSecurity Team

Security budget

TestScopeTypeSize

Timeframe

SubjectTypeSize

Criticality

FindingType

DescriptionThreatImpact

<client><clientdata>

<vertical>Healthcare</vertical><size>200,000,000</size><headcount>1500</size><secteam>5</secteam><secbudget>1,000,000</secbudget>

</clientdata><test>

<scope>Surgeon Webapp</scope><type>WebApp</scope><size>3</size><timeframe>5</timeframe><testsubject>

<type>front-end server</type><size>20</size><criticality>9</criticality><finding>

<type>XSS</type><description>stored XSS by authenticated user</description><threat>low</threat><impact>high</impact>

</finding></testsubject>

</test></client>

Data modelsvulnerability management

10011101101110111011101110101010000010011010010011001111011000011001111000

(TBD)

Data modelssecurity monitoring

10011101101110111011101110101010000010011010010011001111011000011001111000

(TBD)

How ?10011101101110111011101110101010000010011010010011001111011000011001111000

DBData entry

Consultants

Reporting

Sales/Marketing/Management

Reporting

Clients

$$$$$

Reportin

g

Consu

lting

Clients

Data entry

Why ?10011101101110111011101110101010000010011010010011001111011000011001111000

Client• expects our expertise beyond engagement• lacks bandwidth for data analysis• requires more data for various purposes

compliance, risk management, reporting, ...

We• require a USP in a lemon market• require data to improve service quality• require data to improve service profitability• desire to deepen relationship with customer

10011101101110111011101110101010000010011010010011001111011000011001111000

Question

Answer

Answer=

Satisfactory?

End

Data Driven Infosec Services

Technology

Transcript of Data Driven Infosec Services