This presentation discusses the use of normative references for security and business continuity in the context of developing countries. It explores trends observed in the ICT industry and presents Orange's approach and methodology for security management. The presentation concludes with recommendations for maintaining adequacy to local requirements and addressing real-life threats.
ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, 15-16 September 2014)
Security and business continuity in ICT: a case study by Orange
Francois Zamora, Global security management system, Corporate Security Department, Orange Group
francois.zamora@orange.com
Purpose of this presentation
• To exchange on how normative references are used for security and business continuity
• To detect opportunities in the context of developing countries
Outline:
• Orange
• Trends observed
• Selected approach and methodology in Orange security function
Some trends observed
• ICT: mutates, concentrates, outsources, is exposed, enables new fields
• Regulatory: European Critical Infrastructures, started with energy and transports and interlinks ICT; France reformulates Europe’s vision; influences on developing countries
• Standardization: information security, BCM, privacy, cloud security (provider and consumer), management systems for records, SCADA security, …
A vision shared in France (courtesy: HCFDC, Feb 2013; Laurent Ducamin, SGDSN)
Case study
All these sectors are interlinked with strong interdependencies, leading to complex representations and challenging requirements. Orange selected an approach and methodologies to clarify and address ICT security and resilience in a context of strong technological mutations.
Approach
• Orange Global security standard
• Global security management system
• Use and map external references
• Clarify requirements and maintain watch
• Manage risks and comply
• Continuously improve
• Certify for business, re-use for compliance
Methodology
• Identifying critical scopes of services, activities and processes: risk identification and management with ISO/IEC 27005
• Continuous improvement with ISO/IEC 27001 and ISO 22301
• Use and map other normative references
• Maintain watch to assess effects:
  • from and on cloud-computing-based infrastructures
  • from the virtualization trend in network equipment
  • from and upon key providers
  • from the conquest of new fields of services
Conclusions and recommendations
• Thanks to a risk approach, effort is focused on critical functions and only relevant references are selected
• Maintaining watch enables adequacy to local requirements and proportionality of effort with real-life threats
Thank you. Backup slides follow.