Developing a 360° view of risk and compliance

© 2013 Trustwave Holdings, Inc. 1 Michael Aminzade, Trustwave Developing a 360° view of risk and compliance

description

This presentation is from a talk Michael Aminzade gave at the security conference Nordic IT Security 2013 in Stockholm. Description: Join Michael Aminzade, Director of Compliance at Trustwave, to learn the secrets behind building a smart, sustainable program for managing risk and compliance. Drawing on real-life examples from the 2013 Trustwave Global Security Report, Michael delves into the hottest security topics, such as BYOD and cloud security. The new Risk Maturity Report from Trustwave will also be unveiled at this presentation, helping organizations gain a 360° view of the areas threatening their security.

Transcript of Developing a 360° view of risk and compliance

Page 1: Developing a 360° view of risk and compliance

Michael Aminzade, Trustwave

Developing a 360° view of risk and compliance

Page 2: Developing a 360° view of risk and compliance

WHO WE ARE

Company facts and figures

• ESTABLISHED: 1995
• TRUSTED: BY OVER 2.5 MILLION BUSINESSES
• GLOBAL: CUSTOMERS IN 96 COUNTRIES
• GROWING: NOW OVER 1,200 EMPLOYEES
• INNOVATING: OVER 50 PATENTS & COUNTING*

• Global Threat Database feeds technologies and services with threat intelligence
• Selected by more enterprises for compliance – chosen more often than the next 10 service providers combined
• Industry’s most holistic portfolio of security technologies delivered through TrustKeeper®

*+30 patents granted; +20 patents pending

Page 3: Developing a 360° view of risk and compliance

WHAT WE DO

Data Security and Compliance

Compliance on Demand

• Cloud-based Management
• Multi-compliance Framework
• Risk Assessment Services

Intelligence on Demand

• Managed Security Testing (MST)
• Incident Response and Readiness
• Research & Advisory

Security on Demand

• Complete Managed Service Portfolio
• Advanced Threat Correlation
• Global Operations Centers

Page 4: Developing a 360° view of risk and compliance

AWARD-WINNING PORTFOLIO

MANAGED SECURITY SERVICES

Leader in Managed Security Services

MSSP Growth Leadership Award

Best Managed Security Service (finalist)

Best Global Security Company (finalist)

TECHNOLOGIES

Best Anti-Malware Solution

Web Content Filtering Award for Secure Web Gateway

Best Network Access Control Product

Best Network Security (Web Application Firewall) (finalist)

SECURITY MANAGEMENT

Best Enterprise Security Solution (SIEM)

Best Security Information/Event Manager Appliance (SIEM) (finalist)

Best Integrated Security Solution (SIEM) (finalist)

INNOVATIONS

Innovation Award (Trustwave TrustKeeper)

Innovation Award (PenTest Manager)

Innovator (Data Loss Prevention)

Best Regulatory Compliance Solution (finalist)

Best Fraud Prevention (DLP, ENC, NAC, SIEM) (finalist)

Page 5: Developing a 360° view of risk and compliance

PROMINENT THOUGHT LEADERSHIP

2013 GLOBAL SECURITY REPORT

Based on analysis of:

• More than 450 incident response investigations and 2,500 pen tests
• More than 2 million network and application vulnerability scans
• More than 400 Web-based data breaches
• More than 20 billion e-mails

And contributions from law enforcement agencies worldwide.

Download the full report: https://www.trustwave.com/2013GSR

Page 6: Developing a 360° view of risk and compliance

UNDERSTAND YOUR THREAT LANDSCAPE

Page 7: Developing a 360° view of risk and compliance

THE BIG PICTURE

Trustwave proprietary data & threat intelligence

• >450 INCIDENT RESPONSE & FORENSIC INVESTIGATIONS
• >2M NETWORK & APPLICATION VULNERABILITY SCANS
• >9M WEB APPLICATION ATTACKS RESEARCHED
• >20B EMAILS COLLECTED FROM 2007 TO 2012
• >2500 PENETRATION TESTS
• >5M MALICIOUS WEBSITES ANALYZED
• ~400 PUBLICLY DISCLOSED WEB BREACHES IN 2012 ANALYZED
• >3M REAL-WORLD PASSWORDS ANALYZED FOR USAGE & WEAKNESS TRENDS

Page 8: Developing a 360° view of risk and compliance

THE BIG PICTURE

A global problem

Page 9: Developing a 360° view of risk and compliance

GET THERE FIRST: THREAT INTELLIGENCE

Businesses slow to detect

TIMELINE: INTRUSION TO CONTAINMENT

AVERAGE: 210 DAYS TO DETECTION

Page 10: Developing a 360° view of risk and compliance

MOST ATTACKED: APPLICATIONS

Web & Mobile applications

Page 11: Developing a 360° view of risk and compliance

UP & COMING: MOBILE DEVICES

Mobile Malware exploded

400% 2012

Page 12: Developing a 360° view of risk and compliance

WEAKEST LINK: EMPLOYEES & USERS

Top 25 passwords

Page 13: Developing a 360° view of risk and compliance

WEAKEST LINK: EMPLOYEES & USERS

Keyword usage in passwords

Page 14: Developing a 360° view of risk and compliance

MANAGING RISK IN YOUR ORGANISATION

Page 15: Developing a 360° view of risk and compliance

TODAY’S SECURITY LANDSCAPE

Web & Social Media

Mobile & BYOD

Web & Mobile Applications

Big Data

BUSINESS ENABLERS

CYBERCRIME

REGULATIONS

BREACHES

Page 16: Developing a 360° view of risk and compliance

HOW MUCH RISK ARE YOU WILLING TO ACCEPT?

Page 17: Developing a 360° view of risk and compliance

360°: POTENTIAL AREAS OF RISK

Your organisation

• Management and Governance
• Policy and Procedure
• Security Maintenance
• Technical Controls
• Physical Security
• Business Strategy

Page 18: Developing a 360° view of risk and compliance

ARE YOU ASKING THE RIGHT QUESTIONS?

MANAGEMENT & GOVERNANCE

What is your senior management's level of involvement in defining your level of risk and are the necessary disaster recovery measures in place?

POLICY & PROCEDURE

Do you have the structures in place to enable your employees to report security incidents and are you fully aware of your legal responsibilities?

SECURITY MAINTENANCE

How often do you assess and test your business critical applications and systems and do you have a change control structure in place?

TECHNICAL CONTROLS

Do you have the necessary technical solutions and controls in place to prevent unauthorised access to your systems and data?

PHYSICAL SECURITY

How do you monitor and control physical access to your business critical locations and data storage centres?

BUSINESS STRATEGY

Do you store and process sensitive data and how do you manage access to that information for either remote employees or third-party vendors?

Page 19: Developing a 360° view of risk and compliance

RISK MATURITY ASSESSMENT

Page 20: Developing a 360° view of risk and compliance

TRUSTWAVE RISK MATURITY ASSESSMENT

Understand your current level of risk

WHY TAKE THE TRUSTWAVE RISK MATURITY ASSESSMENT

• A detailed report with customised recommendations to help you identify areas of risk across your organisation
• Benchmark your organisation against industry standards and best practices

WHAT IS THE TRUSTWAVE RISK MATURITY ASSESSMENT

• Online multiple choice questionnaire, taking no more than 5 - 10 minutes to complete
• Developed by our experienced RISK consultants as a result of customer feedback

Take your complimentary risk assessment today: https://www2.trustwave.com/risk-maturity-assessment.html?ls=EBF

Page 21: Developing a 360° view of risk and compliance

WANT TO KNOW MORE?

Contact our distributor in Sweden:

Inuit AB

www.inuit.se

[email protected]

+46 (0)8 753 05 10

Page 22: Developing a 360° view of risk and compliance

THANK YOU.

QUESTIONS?