data driven infosec services
DESCRIPTION
A short preso about data-driven security services.
TRANSCRIPT
A new approach to information security services
A data-driven services portfolio
We’re competing in a lemon market ... now what?
“The service provider that understands the art of making use of data wins the trust of the client.”
Data driven services
penetration testing
vulnerability management
security monitoring
incident response
SDLC services
security architecture
Data driven services
collect
- create data model per service
- ensure consistent collection
store
- create security data warehouse
- store data according to data model
analyze
- create analysis use cases
- generate intelligence from collected data
Data models: penetration testing
Client: Vertical, Size ($), Headcount, Security Team, Security budget
Test: Scope, Type, Size, Timeframe
Subject: Type, Size, Criticality
Finding: Type, Description, Threat, Impact
<client>
  <clientdata>
    <vertical>Healthcare</vertical><size>200,000,000</size><headcount>1500</headcount>
    <secteam>5</secteam><secbudget>1,000,000</secbudget>
  </clientdata>
  <test>
    <scope>Surgeon Webapp</scope><type>WebApp</type><size>3</size><timeframe>5</timeframe>
    <testsubject>
      <type>front-end server</type><size>20</size><criticality>9</criticality>
      <finding>
        <type>XSS</type><description>stored XSS by authenticated user</description>
        <threat>low</threat><impact>high</impact>
      </finding>
    </testsubject>
  </test>
</client>
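An analysis use case over records in this data model, as an added example (not from the original deck): it flattens each finding together with its client and test-subject context, then counts finding types per vertical and picks out high-impact findings on critical subjects. The <clients> wrapper element, the second and third findings, and the criticality threshold of 8 are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed records in the slide's schema; the <clients> wrapper is assumed.
SAMPLE = """<clients>
<client><clientdata><vertical>Healthcare</vertical><size>200,000,000</size>
  <headcount>1500</headcount><secteam>5</secteam><secbudget>1,000,000</secbudget></clientdata>
 <test><scope>Surgeon Webapp</scope><type>WebApp</type><size>3</size><timeframe>5</timeframe>
  <testsubject><type>front-end server</type><size>20</size><criticality>9</criticality>
   <finding><type>XSS</type><description>stored XSS by authenticated user</description>
    <threat>low</threat><impact>high</impact></finding></testsubject>
  <testsubject><type>admin portal</type><size>2</size><criticality>4</criticality>
   <finding><type>XSS</type><description>reflected XSS in search</description>
    <threat>medium</threat><impact>low</impact></finding></testsubject></test></client>
<client><clientdata><vertical>Finance</vertical><size>50,000,000</size>
  <headcount>400</headcount><secteam>8</secteam><secbudget>2,000,000</secbudget></clientdata>
 <test><scope>Payments API</scope><type>WebApp</type><size>2</size><timeframe>4</timeframe>
  <testsubject><type>api server</type><size>6</size><criticality>6</criticality>
   <finding><type>SQLi</type><description>injection in report filter</description>
    <threat>medium</threat><impact>high</impact></finding></testsubject></test></client>
</clients>"""

def num(text):
    """Parse numeric fields, which the model writes with thousands separators."""
    return int(text.replace(",", ""))

def flatten(xml_text):
    """Return one row per finding with its client and test-subject context."""
    rows = []
    for client in ET.fromstring(xml_text).iter("client"):
        cd = client.find("clientdata")
        per_head = num(cd.findtext("secbudget")) / num(cd.findtext("headcount"))
        for subj in client.iter("testsubject"):
            for f in subj.iter("finding"):
                rows.append({"vertical": cd.findtext("vertical"), "budget_per_head": per_head,
                             "criticality": num(subj.findtext("criticality")),
                             "finding": f.findtext("type"), "impact": f.findtext("impact")})
    return rows

def findings_by_vertical(rows):
    """Count finding types per client vertical across all engagements."""
    return Counter((r["vertical"], r["finding"]) for r in rows)

def priority(rows, min_criticality=8):
    """High-impact findings on critical subjects (threshold is an assumption)."""
    return [r for r in rows if r["impact"] == "high" and r["criticality"] >= min_criticality]

if __name__ == "__main__":
    print(findings_by_vertical(flatten(SAMPLE)), priority(flatten(SAMPLE)), sep="\n")
```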
Data models: vulnerability management
(TBD)
Data models: security monitoring
(TBD)
How?
[Diagram. Labels: DB, Data entry, Consultants, Reporting, Sales/Marketing/Management, Clients, Consulting, $$$$$]
Why?
Client
• expects our expertise beyond engagement
• lacks bandwidth for data analysis
• requires more data for various purposes: compliance, risk management, reporting, ...
We
• require a USP in a lemon market
• require data to improve service quality
• require data to improve service profitability
• desire to deepen relationship with customer
Question
Answer
Answer = Satisfactory?
End