Omar Khawaja
February 2013
@smallersecurity
[Timeline slides, 1970 to 2010: Personal Computing, Mobile Matures, Mobile Revolution]
Btw, is securing various platforms different?
What's the common theme across the top technology trends?
High-IQ Networks
Enterprise Clouds
Big Data
M2M2P
Video
Compliance
Social Enterprise
Energy Efficiency
The common theme: DATA
Mobility and Cloud fuel each of these trends.
Risk is a function of three things: Assets, Vulnerabilities, Threats
How do we secure mobile today?
Risk Assessment
Security Policy
Asset Management
Access Control
Compliance
App Security
Anti-X
Configuration Management
DLP
Encryption
IAM, NAC
Patching
Policy Management
Threat Management
VPN
Vulnerability Management
Multiple Approaches
Really?
[Diagram: Security Programs, Single vs. Multiple, rated Worst Case, Good, Nirvana. Each program instance repeats the same program domains: Risk Assessment, Security Policy, Asset Management, Comms & Ops Mgmt, Info Security Incident Management, Human Resources Management, Organization of Info Security, Physical & Environment Security, Info Systems Acquisition, Dev & Maint., Compliance, Access Control, Business Continuity Management; and the same technical controls: App Security, Anti-X, Config Mgmt, DLP, Encryption, IAM, NAC, Patching, Threat Mgmt, VPN.]
Here's an approach
Data-Centric Approach (Follow the data)
Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor
Data-centric security is business-centric security.
To protect the data, protect what's around it too.
GRC and Intelligence define the security program.
Start with assets, end with the controls.
How do we execute?
Destroy Data
Entitlement Definition
Implement Control Requirements
Monitor Control Effectiveness
Proliferation (30 billion app downloads from Apple's App Store), but which to trust?
Apps matter
Follow the data (doing things right) & Business Context (doing the right things)
Questions and Answers
Thank You
omar.khawaja@verizonbusiness.com
PROPRIETARY STATEMENT
This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.
Salahuddin Khawaja
salahk@gmail.com
More at Decklaration.com
ABOUT THE AUTHOR
Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he
Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations. Sample Clients: Bank of America, Citi, MasterCard