Data Driven Infosec Services
-
Upload
wremes -
Category
Technology
-
view
395 -
download
1
description
Transcript of Data Driven Infosec Services
![Page 1: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/1.jpg)
A new approach to information security services
10011101101110111011101110101010000010011010010011001111011000011001111000
A data-driven services portfolio
![Page 2: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/2.jpg)
We’re competing in a lemon market ...now what ?
![Page 3: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/3.jpg)
10011101101110111011101110101010000010011010010011001111011000011001111000
The service provider that understands the art of making use of datawins the trust of the client.
“
”
![Page 4: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/4.jpg)
Data driven services
penetration testing
vulnerability management
securitymonitoring
incidentresponse
SDLCservices
securityarchitecture
10011101101110111011101110101010000010011010010011001111011000011001111000
![Page 5: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/5.jpg)
Data driven services
collect
store
analyze
- create data model per service- ensure consistent collection
- create security data warehouse- store data according to data model
- create analysis use cases- generate intelligence from collected data
10011101101110111011101110101010000010011010010011001111011000011001111000
![Page 6: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/6.jpg)
Data modelspenetration testing
10011101101110111011101110101010000010011010010011001111011000011001111000
Client
VerticalSize ($)
HeadcountSecurity Team
Security budget
TestScopeTypeSize
Timeframe
SubjectTypeSize
Criticality
FindingType
DescriptionThreatImpact
<client><clientdata>
<vertical>Healthcare</vertical><size>200,000,000</size><headcount>1500</size><secteam>5</secteam><secbudget>1,000,000</secbudget>
</clientdata><test>
<scope>Surgeon Webapp</scope><type>WebApp</scope><size>3</size><timeframe>5</timeframe><testsubject>
<type>front-end server</type><size>20</size><criticality>9</criticality><finding>
<type>XSS</type><description>stored XSS by authenticated user</description><threat>low</threat><impact>high</impact>
</finding></testsubject>
</test></client>
![Page 7: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/7.jpg)
Data modelsvulnerability management
10011101101110111011101110101010000010011010010011001111011000011001111000
(TBD)
![Page 8: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/8.jpg)
Data modelssecurity monitoring
10011101101110111011101110101010000010011010010011001111011000011001111000
(TBD)
![Page 9: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/9.jpg)
How ?10011101101110111011101110101010000010011010010011001111011000011001111000
DBData entry
Consultants
Reporting
Sales/Marketing/Management
Reporting
Clients
$$$$$
Reportin
g
Consu
lting
Clients
Data entry
![Page 10: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/10.jpg)
Why ?10011101101110111011101110101010000010011010010011001111011000011001111000
Client• expects our expertise beyond engagement• lacks bandwidth for data analysis• requires more data for various purposes
compliance, risk management, reporting, ...
We• require a USP in a lemon market• require data to improve service quality• require data to improve service profitability• desire to deepen relationship with customer
![Page 11: Data Driven Infosec Services](https://reader034.fdocuments.in/reader034/viewer/2022052310/556427a3d8b42a69298b5326/html5/thumbnails/11.jpg)
10011101101110111011101110101010000010011010010011001111011000011001111000
Question
Answer
Answer=
Satisfactory?
End