
Securing Mobile: A Business-Centric Approach

Omar Khawaja
February 2013

Information Revolution Starts

Timeline: 1970: Main frame (Green Terminals)

@smallersecurity

Personal Computing

Timeline: 1970, 1980: Thick Client & Mobile Revolution Starts

Advent of the Web

Timeline: 1970, 1980, 1990: Web-based computing, and Mobile truly goes mobile

Mobile Matures

Timeline: 1970, 1980, 1990, 2000: Web and Mobile mature

Mobile Revolution

Timeline: 1970, 1980, 1990, 2000, 2010: Information Revolution becomes the Mobile Revolution

Global Mobile Traffic


Mobile is no longer optional


Btw, is securing various platforms really that different?

Difference?

Timeline: 1970, 1980, 1990, 2000, 2010

Have a closer look: it's really not that different.

Top Business Technology Trends

High-IQ Networks
Enterprise Clouds
Big Data
Personalization of Service
Consumerization of IT
M2M2P
Video
Compliance
Social Enterprise
Energy Efficiency

What's the common theme across top technology trends?

Common theme across High-IQ Networks, Personalization of Service, Consumerization of IT, Enterprise Clouds, Big Data, M2M2P, Video, Compliance, Social Enterprise and Energy Efficiency: DATA

Mobility and Cloud fuel each of these trends.

Security is about Risk

Risk is the combination of Assets, Vulnerabilities and Threats.

How do we secure mobile today?

Programs and Technologies


Risk Assessment

Security Policy

Organization of Info Security

Asset Management

Human Resources Management

Physical & Environment Security

Communication & Ops Mgmt

Access Control

Info Systems Acquisition, Dev, & Maintenance

Info Security Incident Management

Business Continuity Management

Compliance


Programs and Technologies

App Security

Anti-X

Configuration Management

DLP

Encryption

IAM, NAC

Patching

Policy Management

Threat Management

VPN

Vulnerability Management


Multiple Approaches


Diagram: a two-by-two matrix of Security Programs (Single / Multiple) against Security Technology Sets (Single / Multiple). Every cell repeats the same security programs (Risk Assessment, Asset Management, Comms & Ops Mgmt, Info Security Incident Management, Security Policy, Human Resources Management, Organization of Info Security, Physical & Environment Security, Info Systems Acquisition, Dev, & Maint., Compliance, Access Control, Business Continuity Management) and the same security technology sets (App Security, Anti-X, Config Mgmt, DLP, Encryption, IAM, NAC, Patching, Policy Mgmt, Vuln. Mgmt, Threat Mgmt, VPN). Quadrant labels: Worst Case, Really?, Good, Nirvana.

Here's an approach

Data-Centric Approach (Follow the data)

Inventory (must)
Classify (must)
Destroy* (ideal)
Protect
Monitor

Data-Centric Security Model

Data-centric security is business-centric security.

Data-Centric Security Model

To protect the data, protect what's around it too.

Data-Centric Security Model

GRC and Intelligence define the security program.

Data-Centric Security Model

Start with assets, end with the controls.

How do we execute?


Data-Centric Security: A Recipe

1) Inventory Data
2) Categorize Data
3) Destroy Data
4) Inventory Users
5) Define Business Processes
6) Mobile Environment Definition
7) Entitlement Definition
8) Implement Control Requirements
9) Monitor Control Effectiveness

What about Apps?


Apps have overtaken browsing: 30 billion app downloads from Apple's App Store.

Can't impede app proliferation, but how do you know which to trust?

What about the Network? (It's not just for transport)

Key security imperatives:

1) Data Governance
2) Application Governance

Network can help

Simplify security program

Apps matter

Follow the data (doing things right) & Business Context (doing the right things)

Questions and Answers

Thank You
omar.khawaja@verizonbusiness.com
@smallersecurity

PROPRIETARY STATEMENT

This document and any attached materials are the sole property of Verizon and are not to be used by you other than to evaluate Verizon's service. This document and any attached materials are not to be disseminated, distributed, or otherwise conveyed throughout your organization to employees without a need for this information or to any third parties without the express written permission of Verizon. © 2011 Verizon. All Rights Reserved. The Verizon and Verizon Business names and logos and all other names, logos, and slogans identifying Verizon's products and services are trademarks and service marks or registered trademarks and service marks of Verizon Trademark Services LLC or its affiliates in the United States and/or other countries. All other trademarks and service marks are the property of their respective owners.

Developed and Designed by

Salahuddin Khawaja
salahk@gmail.com

More at Decklaration.com
ABOUT THE AUTHOR
Salah has 14 years of experience, primarily in the Financial Services Industry. Before joining JP Morgan he spent 11 years at Deloitte & Touche helping Fortune 500 clients with various types of Strategic Initiatives. He is currently based in Hong Kong with responsibility for delivering the next generation platform for Securities Processing.

Areas of Expertise: Strategy Development, Business Transformation, System Integration, Program & Project Management, Mobile Strategy, Data Analytics, Executive Presentations
Sample Clients: Bank of America, Citi, MasterCard
