1 / 15

Integrated Security Solutions

Integrated Security Solutions. Highland Technology Services Inc. What security is and isn’t. Security isn’t an appliance Security isn’t an afterthought Effective security requires a specific plan with specific goals and continued diligence

lapis
Download Presentation

Integrated Security Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integrated Security Solutions Highland Technology Services Inc.

  2. What security is and isn’t • Security isn’t an appliance • Security isn’t an afterthought • Effective security requires a specific plan with specific goals and continued diligence • Security isn’t a template. Needs are individual and can vary greatly • Good security requires redundant controls on all fronts • Security requires both technical and procedural components to be effective • A security plan must be holistic with each piece working in concert to provide the utmost security with the least amount of inconvenience • Good Security relies on implicit denial; If it isn’t explicitly needed it is denied.

  3. Barriers to Success • It’s time consuming • It’s resource intensive • It’s complex • But it’s necessary And Highland can help…

  4. How do you achieve Good Security? • By creating a formal assessment to fully understand an organizations needs • By formulating a high level policy from that assessment and creating specific achievable goals to reach dictums of that policy • Create a stepwise implementation of solutions that effectively achieve the goals of an orgainzation’spolicy with the smallest inconvenience to users • Must be living.

  5. The “Integrated” in Integrated Security Solutions Integrated has two meanings: • Security should be integral to the way an organization does its business. Every process, procedure, policy and function should be assessed for and have a security component. • Each piece of an organization’s environment should part of an integrated whole • Like pieces of a puzzle, unless they fit together, it isn’t a pretty picture. Keep in mind least privilege • Understand what the organization mission needs then design a secure way to meet those needs and deny everything else.

  6. The “Security” in Integrated Security Solutions The operational security triple(CIA): • Confidentiality • Integrity • Availability

  7. The “Solution” in Integrated Security Solutions • Security requires a deductive approach • Solutions require and inductive approach • Requires high level participation • Must address organization as a whole • Coordinated specific actions are taken to address needs and risk • A fundamental part of the way you do business

  8. Step 1: Assessing your Environment and needs • Need/Risk Assessment • Cost/Benefit Analysis • Current state of affairs

  9. Step 2: Security Policy • An underlying theme • Key personnel • Start closed and move to open • Each element of access should explain need • High level standards policies and procedures • Achievable timelines and goals • Accepted risk • Review and change management processes

  10. Step 3: Implementing Security measures • Administrative controls • Standards, policies and procedures • Technical controls • Access controls, Authentication and Authorization, encryption, redundancy • Physical controls • Access controls, item destruction, HVAC

  11. Step 4: Review • Scheduled periodic review • Change management • Metrics • Repeat

  12. Notorious mistakes • Caught up in the newest technology • Security is not an appliance • Misconfiguration • A misconfigured firewall is a liability not an asset • Glaring holes • Only as strong as the weakest link • Piecemeal • Inconsistent implementation, exceptions to the rule, un-interoperable components • Disorganized • Inconvenient • Reactive

  13. HTSI and Integrated Security Solutions • Security is our business • We’ve done this before and can demonstrate past performance • Work with what an organization got, to get them where you want to go • Solution oriented

  14. Take Home Message • Security is not an afterthought • A supported security policy • Stepwise process to achieve the goals of that policy • Managing to specific need • Integrated proactive solution

  15. Questions, Comments? Thank you Highland Technology Services Inc.

More Related