the security ecosystem

CHANCES ARE YOU WILL BE BREACHED.It’s a matter of when and how bad.

START

ARE YOUPREPARED?

STOP

YOU CAN BE IF YOU...

ARE ACCOUNTABLE TO THE BUSINESS

PERFORM DUE DILIGENCE

TURN DATA INTO ACTIONABLE INSIGHT

ACCOUNTABLE TO THE BUSINESS? YES, THROUGH STRATEGY.

Relate your security efforts to your business – organizational objectives, industry context, compliance requirements, critical assets, business processes and risksyou’re willing to take.

DUE DILIGENCE? YES, BY INVOLVING THE BUSINESS.

Interview the people on the front lines of the business, the ones who own process. They know what business-critical data really is and what really has value.

Ask them, “If someone were to come in and steal something from you, what would freak you out the most? What would have the most impact on YOUR line of business?”

DATA INTO ACTIONABLE INSIGHT? YES, YOU’LL BECOME MORE AWARE AND MAKE BETTER DECISIONS.

When you get to the right data, you’ll have understanding and visibility. In other words, AWARENESS.

When you take everything you know and learn, focus and prepare, you’ll have better control and the foundation for resiliency. In other words, INTELLIGENCE.

SO HOW DO YOU GET THERE? It’s not a destination, rather a constant iteration.iteration.

IT’S BUILDING CAPABILITIES. You don’t have to be a superstar in all of them. But you should be doing all of them.

Capabilities

Bu

ildPrepare

Opera

te

Respond

IT’S WORKING TOWARD DEFINED OUTCOMES — strategic, proactive, ongoing and restored security

CapabilitiesOutcomes

Bu

ildPrepare

Opera

te

Respond

Strat

egic Proactive

Ongoin

g

Restored

BUILD: focus on strategy, compliance, policies, business context, technology controls and implementation.

Capabilities

Bu

ild

Respond


Bu

ild

Opera

te

Strat

egic

IF YOU BUILD RIGHT, YOUR SECURITY WILL BE STRATEGIC

compliant; policy driven; aligned with the business; having the right controls, from the right vendors, implemented properly

Capabilities

PREPARE: gather constant insight, test and identify vulnerabilities.

Bu

ildPrepare

Stratata

egic


Bu

ildPrepare

Stratata

egic Proactive

IF YOU PREPARE RIGHT, YOUR SECURITY WILL BE PROACTIVE

constant insight, testing and vulnerability identification

Capabilities

Bu

ildPrerer parerer

Opera

te

Stratata

egic Proror active

OPERATE: focus on monitoring the process, health and analytics.


Bu

ildPrerer parerer

Opera

te

Stratata

egic Proror active

Ongoin

g

IF YOU OPERATE RIGHT, YOUR SECURITY WILL BE ONGOING devices and analysis

Capabilities

Bu

ildPrerer parerer

Opera

te

Respond

Stratata

egic Proror active

Ongoin

g

RESPOND: act quickly, with insight when events do occur.


Bu

ildPrerer parerer

Opera

te

Respond

Stratata

egic Proror active

Ongoin

g

Restored

IF YOU RESPOND RIGHT, YOUR SECURITY WILL BE RESTORED.

And you’ll have the insight you need to pivot and adapt in the build, prepare and operate stages until you need to respond again.

THINK ABOUT THIS: if you have great operations, but your strategy is off, you’re probably going to fail to achieve business outcomes and protect critical assets.

YOU CAN HAVE AWESOME STRATEGY AND OPERATIONS, but without the ability to respond, you’ll probably kick yourself if something does happen.

ANY ONE WEAKNESS, IN ANY AREA,

can impact your overall security.

FIND YOUR BALANCE,

and you’ll find better outcomes.

WHY SHOULD I CARE? Glad you asked.

Bu

ildPrepare

Operate

Respond

Strat

egic Proactive

Ongoin

g

Restored


If your wheel (we like to call it an ecosystem) is in balance…


Bu

ildPrepare

Operate

Respond

Strat

egic Proactive

Ongoin

g

Restored


If your wheel (we like to call it an ecosystem) is in balance...

…then you’re running a MATURE security practice.


WHAT’S THE VALUE OF MATURITY?


In security, a lot.


In security, a lot. ■ You’ll be realizing business outcomes more consistently


In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be more aware


In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all


In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better


In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better■ You’ll have the info you need to change your strategy, how you operate and what you test for


In security, a lot. ■ You’ll be realizing business outcomes more consistently■ You’ll be way more aware■ That big, bad breach won’t seem so big and bad after all■ You’ll constantly be getting better■ You’ll have the info you need to change your strategy, how you operate and what you test for■ And you’ll be kicking some benchmarking butt

GREAT, SO NOW WHAT DO I DO?

GREAT, SO NOW WHAT DO I DO?

We’d thought you’d never ask.

CALL TELUS. NOT the phone guys.

The security experts. Yes, the security experts. US.

We have really strong capabilities to help you build, prepare, operate and/or respond.

JUST ASK IDC! IDC recognized TELUS as a leader in the managed security services market in Canada.

Don’t believe the phone guys are also the security pros? Check out what we offer.

Stage Customer Responsibilities

Security Services Outcomes

BuildIdentify business need, determine risktolerance, develop governance and management frameworks, build security roadmap, align budgets, develop strategy, determine resources, align tactical controls to business needs, identify required controls and associated capabilities, compare options, design security infrastructure/architecture, deploy tactical controls.

■ Security Governance Review■ Security Framework Optimization■ Design and Architecture■ Controlled Delivery

Strategic Security – sound security investments, risk management, reasonable controls

PrepareMonitor compliance with regulatory and internal standards, monitor policy framework, threat and vulnerability testing, demonstrate the evidence

■ Security exposure identification■ Validation of existing controls■ Recommendations for exposure resolution

Proactive Security – the security that was built and that is operating is working as intended; insight to amend policies, procedures and controls to get to adequate and effective security

OperateProgram management, monitor activity, track incidents (trends and metrics), detect anomalies and malicious threats, counteract threats (technical or procedural controls), security status reporting (metrics).

■ Next Gen Firewalls■ IPS■ SIEM■ Email & Web Security■ Security Monitoring & IA■ Program Management

Ongoing Security -- auditable, repeatable, outcome-focused security that enables continuous improvement

RespondRestore security, respond to cyber risk, remediate, perform retrospective, communications plan, revisit security strategy.

■ Forensic Investigation■ Data analysis■ Incident handling and recovery■ Damage assessment

Restored Security – back to business and more resilient, aware security

WE CAN PROVIDE THE ELEMENTS OF A MATURE SECURITY PRACTICE, AND DO PROVIDE ALL OF THE ELEMENTS FOR MANY ORGANIZATIONS.


Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).


Why? Because we have: track record (proven approaches and solutions); partnership (learn, fail and win with you); substance (all this great security stuff from ONE provider); specialists (recognized experts with specific focus).

And most importantly: WE’VE BEEN THERE. We’ve been where you are, doing what you’re doing – we’ve faced the day-to-day realities of what we’re selling.

SECURITY TRULY IS A JOURNEY. AND EVERYONE MATURES AT A DIFFERENT RATE.

We can help to guide your journey.To be aware. To be intelligent. To be resilient. To be prepared.



■ It’s more than a product or a service



■ It’s more than a product or a service■ It’s more specialist than generalist



■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them



■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language



■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes



■ It’s more than a product or a service■ It’s more specialist than generalist■ It’s finding the gaps and filling them■ It’s partnering. It’s speaking the same language ■ It’s more than a sale. It’s making the right short-term decisions for the right long term outcomes■ It’s TELUS Security Solutions. One security provider. One focus. Making sure you’re prepared for the inevitable

Become more aware, resilient and prepared. Find out more at telus.com/talkssecurity

the security ecosystem

Technology