the security ecosystem
TRANSCRIPT
CHANCES ARE YOU WILL BE BREACHED.It’s a matter of when and how bad.
START
ARE YOUPREPARED?
STOP
YOU CAN BE IF YOU...
ARE ACCOUNTABLE TO THE BUSINESS
PERFORM DUE DILIGENCE
TURN DATA INTO ACTIONABLE INSIGHT
ACCOUNTABLE TO THE BUSINESS? YES, THROUGH STRATEGY.
Relate your security efforts to your business – organizational objectives, industry context, compliance requirements, critical assets, business processes and risksyou’re willing to take.
DUE DILIGENCE? YES, BY INVOLVING THE BUSINESS.
Interview the people on the front lines of the business, the ones who own process. They know what business-critical data really is and what really has value.
Ask them, “If someone were to come in and steal something from you, what would freak you out the most? What would have the most impact on YOUR line of business?”
DATA INTO ACTIONABLE INSIGHT? YES, YOU’LL BECOME MORE AWARE AND MAKE BETTER DECISIONS.
When you get to the right data, you’ll have understanding and visibility. In other words, AWARENESS.
When you take everything you know and learn, focus and prepare, you’ll have better control and the foundation for resiliency. In other words, INTELLIGENCE.
SO HOW DO YOU GET THERE? It’s not a destination, rather a constant iteration.iteration.
IT’S BUILDING CAPABILITIES. You don’t have to be a superstar in all of them. But you should be doing all of them.
Capabilities
Bu
ildPrepare
Opera
te
Respond
IT’S WORKING TOWARD DEFINED OUTCOMES — strategic, proactive, ongoing and restored security
CapabilitiesOutcomes
Bu
ildPrepare
Opera
te
Respond
Strat
egic Proactive
Ongoin
g
Restored
BUILD: focus on strategy, compliance, policies, business context, technology controls and implementation.
Capabilities
Bu
ild
Respond
CapabilitiesOutcomes
Bu
ild
Opera
te
Strat
egic
IF YOU BUILD RIGHT, YOUR SECURITY WILL BE STRATEGIC
compliant; policy driven; aligned with the business; having the right controls, from the right vendors, implemented properly
Capabilities
PREPARE: gather constant insight, test and identify vulnerabilities.
Bu
ildPrepare
Stratata
egic
CapabilitiesOutcomes
Bu
ildPrepare
Stratata
egic Proactive
IF YOU PREPARE RIGHT, YOUR SECURITY WILL BE PROACTIVE
constant insight, testing and vulnerability identification
Capabilities
Bu
ildPrerer parerer
Opera
te
Stratata
egic Proror active
OPERATE: focus on monitoring the process, health and analytics.
CapabilitiesOutcomes
Bu
ildPrerer parerer
Opera
te
Stratata
egic Proror active
Ongoin
g
IF YOU OPERATE RIGHT, YOUR SECURITY WILL BE ONGOING devices and analysis
Capabilities
Bu
ildPrerer parerer
Opera
te
Respond
Stratata
egic Proror active
Ongoin
g
RESPOND: act quickly, with insight when events do occur.
CapabilitiesOutcomes
Bu
ildPrerer parerer
Opera
te
Respond
Stratata
egic Proror active
Ongoin
g
Restored
IF YOU RESPOND RIGHT, YOUR SECURITY WILL BE RESTORED.
And you’ll have the insight you need to pivot and adapt in the build, prepare and operate stages until you need to respond again.
THINK ABOUT THIS: if you have great operations, but your strategy is off, you’re probably going to fail to achieve business outcomes and protect critical assets.
YOU CAN HAVE AWESOME STRATEGY AND OPERATIONS, but without the ability to respond, you’ll probably kick yourself if something does happen.
ANY ONE WEAKNESS, IN ANY AREA,
can impact your overall security.
FIND YOUR BALANCE,
and you’ll find better outcomes.
WHY SHOULD I CARE? Glad you asked.
Bu
ildPrepare
Operate
Respond
Strat
egic Proactive
Ongoin
g
Restored
WHY SHOULD I CARE? Glad you asked.
If your wheel (we like to call it an ecosystem) is in balance…
CapabilitiesOutcomes
Bu
ildPrepare
Operate
Respond
Strat
egic Proactive
Ongoin
g
Restored
WHY SHOULD I CARE? Glad you asked.
If your wheel (we like to call it an ecosystem) is in balance...
…then you’re running a MATURE security practice.
CapabilitiesOutcomes
WHAT’S THE VALUE OF MATURITY?
WHAT’S THE VALUE OF MATURITY?
In security, a lot.
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be more aware
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better■ You’ll have the info you need to change your strategy, how you operate and what you test for
WHAT’S THE VALUE OF MATURITY?
In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better■ You’ll have the info you need to change your strategy, how you operate and what you test for■ And you’ll be kicking some benchmarking butt
GREAT, SO NOW WHAT DO I DO?
GREAT, SO NOW WHAT DO I DO?
We’d thought you’d never ask.
CALL TELUS. NOT the phone guys.
The security experts. Yes, the security experts. US.
We have really strong capabilities to help you build, prepare, operate and/or respond.
JUST ASK IDC! IDC recognized TELUS as a leader in the managed security services market in Canada.
Don’t believe the phone guys are also the security pros? Check out what we offer.
Stage Customer Responsibilities
Security Services Outcomes
BuildIdentify business need, determine risktolerance, develop governance and management frameworks, build security roadmap, align budgets, develop strategy, determine resources, align tactical controls to business needs, identify required controls and associated capabilities, compare options, design security infrastructure/architecture, deploy tactical controls.
■ Security Governance Review■ Security Framework Optimization■ Design and Architecture■ Controlled Delivery
Strategic Security – sound security investments, risk management, reasonable controls
PrepareMonitor compliance with regulatory and internal standards, monitor policy framework, threat and vulnerability testing, demonstrate the evidence
■ Security exposure identification■ Validation of existing controls■ Recommendations for exposure resolution
Proactive Security – the security that was built and that is operating is working as intended; insight to amend policies, procedures and controls to get to adequate and effective security
OperateProgram management, monitor activity, track incidents (trends and metrics), detect anomalies and malicious threats, counteract threats (technical or procedural controls), security status reporting (metrics).
■ Next Gen Firewalls■ IPS■ SIEM■ Email & Web Security■ Security Monitoring & IA■ Program Management
Ongoing Security -- auditable, repeatable, outcome-focused security that enables continuous improvement
RespondRestore security, respond to cyber risk, remediate, perform retrospective, communications plan, revisit security strategy.
■ Forensic Investigation■ Data analysis■ Incident handling and recovery■ Damage assessment
Restored Security – back to business and more resilient, aware security
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.
Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).
WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.
Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).
And most importantly: WE’VE BEEN THERE. We’ve been where you are, doing what you’re doing – we’ve faced the day-to-day realities of what we’re selling.
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service■ It’s more specialist than generalist
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes
SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.
We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.
■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes■ It’s TELUS Security Solutions. One security provider. One focus. Making sure you’re prepared for the inevitable
Become more aware, resilient and prepared. Find out more at telus.com/talkssecurity