Yhcg - IT security and risk management
wilfred-barretto -
~ Aegis ~ Product overview
Yellow House Consulting Group
Copyright © 2014-15 yhcg.in
Beyond Firewalls
Protection & Performance
Why IT Security and Risk Management?
IT assessments bring in IT discipline and a reality check, and ensure continuous IT maturity and readiness for the organization
80% of large and 60% of small organizations experienced at least one “malicious security incident” in 2014
60% of Indian IT professionals feel organizations cannot protect themselves from cyber attacks
DDoS, Web applications, and IT infrastructure attacks represent some of the most critical threats to enterprises today ~ Akamai security report, Q4, 2014
Yellow House Consulting Group – Aegis ~ IT Security & Risk Management
Why IT Security and Risk Management?
Hackers used email information from a Mumbai firm, “Mallak Specialities Pvt Ltd”, to fleece the firm into depositing money into bank accounts ~ 27-OCT-2014 - HC directs CBI to investigate
19% of incidents are a result of insider privilege misuse – Verizon Report
The ONLY way to strengthen and test the effectiveness, efficiency & readiness of your IT systems and IT security is periodic systems assessment and vulnerability testing by a systems vendor
Index
IT security and risk management objectives
Common IT assessment observations
What we are confident of – YHCG IT service lines
IT for Business transformation
What after IT assessment?
Risk Management Objectives – what we look for?
Alignment of Business requirements with existing IT Support Systems
Availability of mature and cost-effective IT systems – for negligible downtime
Security – Accessibility to ONLY authorized users, prevention of data theft and of vulnerability to unwarranted intrusions and attacks
…contd.
Risk Management Objectives – what we look for?
Capability – Provide users with the necessary tools and solutions to do their jobs efficiently and effectively, and be flexible in adapting to changing business needs
Competitiveness – IT being used as a business enabler for competitive advantage
Common Observations during assessment
No pre-defined IT Strategy, hence absence of Business-IT Alignment
No SOP made available for Policy reference and Security Implementation
Absence of IT Security & Configuration management (baseline & setup) plan
Critical lapses in IT operations control leading to attack vulnerability
…contd.
Common Observations during assessment
No IT Disaster Recovery Plan for Business Continuity
Low level of IT Security Maturity, IT Ops Control, Configuration Management, Data Loss and Theft prevention
No evidence of IT being used as an enabler to transform business
Post Assessment Implementation by YHCG
Organization’s IT Setup – managed by a quality team having pre-defined KPAs and responsibilities (in-house and/or outsourced)
IT Framework – to implement IT Security policies and Operation Control Systems
IT Role – to facilitate, support and steer the organizational goals as a Business Transformational Agent
…contd.
Post Assessment Implementation by YHCG
Secure IT Network Architecture – Network overhauled and re-postured due to lack of security controls & concepts like zoning & DMZ
Security management and IT ops monitoring software implementation
IT Vulnerability – Overcome IT Operational Control weaknesses and implement a governance framework & security policies to mitigate Business-IT risks
…contd.
Post Assessment Implementation by YHCG
DLP (data loss prevention) – to be implemented at the organization level
Disaster Recovery Plan – to be developed to support the organization’s Business Continuity Plan
IT Cost Control – evaluate early adoption of Hybrid Cloud solutions, Server Virtualization and Open Source Software to reduce cost, improve infra manageability and maintain high availability of certain data & software services
…contd.
Post Assessment Implementation by YHCG
Secure Connectivity – evaluate cost and implement VPN connectivity for more secure connectivity between HO & branches
IT Planning – Short / Long Term plans and Vision which include:
Processes - tuned & in alignment with Business needs
Systems - operational control and overhaul
People - optimally sized trained staff augmentation to satisfy new necessary roles and responsibilities
IT for Business Transformation…
Smart & disciplined IT implementation can help solve specific business complexities and help do business effectively and efficiently
In today’s fast-paced business environment, it is about managing your systems & data optimally so that they transform your business
Excellence in Technology Implementation is the best way to put distance between a company and its competitors
IT should not be adopted just for IT’s sake
IT Myth: ~ more resources, extra cost, more hardware & software - but best-in-class practices prove otherwise
YHCG service lines
IT systems & software setup, Network & IT Security Grade - assessment
Secure Network Design and implementation (Small and Medium businesses)
Data Loss Prevention (DLP) – design and implementation
Cyber defence – assessment, design and implementation
Vulnerability assessment & Penetration Test (VAPT)
Identity and access management - design and implementation
Hybrid Cloud – design & implementation
What after IT assessment?
Thank you!
Yellow House Consulting Group – www.yhcg.in