IT SECURITY STRATEGY: PROTECTING YOUR KEY CORPORATE ASSETS
Tech Data
Non-Disclosure• This discussion is under our
mutual nondisclosure agreement.
Purpose of Our Discussion• Decide if we should expand our relationship• Identify your questions and concerns about your IT
security• Identify whether your issues are within our expertise • Report our findings about security issues• Establish next-step recommendations based on your
situation• Create an action plan for your consideration.
Introductions• Your team
• Role, responsibility, experience• What would make this a valuable meeting for you?
• Our team• Role, responsibility, experience
Why Security?• IT is the engine of your
business: When it’s compromised, you’re at risk
• Your assets have value that bad guys want.
Why Our Customers Choose Us• Local, responsive and concerned means we’ll be there
when called• Experienced in delivering and securing IT in all varieties:
traditional, cloud, blended systems, mobile• Deep network of resources to solve unique situations• We work until the the problem is resolved• We take a holistic view and focus on growing our
customer’s business by judicious application of IT.
What Gets Secured…?
• What do you want to protect? • How much do you want
to protect it?
• What’s vulnerable?• Human failure• Equipment failure• Malicious attack.
What Gets Secured…?• What’s valuable?
• What can and can’t you live without?
• What are you legally required to protect? • Defend this first or you could
go to jail
• What do you need to operate your business?• Defend that next or you could
go out of business.
What Gets Secured?• What is impossible to replace
and what can be covered by insurance?
• What’s a trade secret and what’s common knowledge?
Your Key Assets: • People – employees, customers, key vendors and
stakeholders• Property – physical, electronic and intellectual• Processes – the procedures used to successfully conduct
business• Proprietary data – trade secrets, confidential information
and personal data.
The Outcome of Security• Availability of corporate assets• Integrity of those assets• Confidentiality of assets that are private• Accountability, making those who access the data
responsible for their behavior.
The Value of Security…• Increases staff efficiencies
from not having to individually deal with security issues like spam, viruses and rogue email
• Increases in systems efficiency created by the security system because of upgraded technology
• Eliminates cost of security breaches from unpatched software.
Security is a Real Challenge• New IT threats every second• High-profile attacks• New attack points
• Mobile devices• Data leakage• Social engineering.
Seven Security Layers1. Access control
2. Deter intrusion
3. Detect intrusion
4. Determine attack nature
5. Delay further access
6. Defend
7. Recover.
The Value of Security• Reduces legal exposure from
unsecured premises and computer systems
• Increases sales based on improved security and stability
• Reduces business interruptions caused by security breaches.
Your Security Concerns• What do you need to secure?• What would it be worth to
secure that?• What would it cost if it wasn’t
secured?• What is your security policy?
What Would You Like to Have Happen?• What would it be like if
everything worked correctly?• How will you know who to
choose?
Our Recommendations• Assessment• Security policy• Remediation plan• Policy audit and implementation• Bring compliance up-to-date• Adjust implementation of
policies.
Assessment• Review your situation using the
seven layer security model• Identify any issues• Recommend any specific
actions with cost/risk analysis• If we find nothing, you’re just
being cautious.
Security Policy• Review your security policy• Look for completeness • Look for areas that have
changed• Mobile• New compliance mandates.
Remediation Plan• If required
Policy Audit and Implementation• Audit for compliance• Education where needed• Help your team with
enforcement strategies.
Proposed Next Steps• Agree to an assessment• Our security team will perform
this• Meet for a review of findings• Decide the next step, if any.
Schedule the Next Meetings• Assessment
• Who and when
• Report of findings• Executive team• Two weeks later.
