
Symantec Security Program Assessment and the Symantec Security Management Model.

Date post: 12-Jan-2016
Upload: berniece-avis-leonard
Page 1: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Security Program Assessment and the Symantec Security Management Model

<Name>

<Date>

Page 2: Symantec Security Program Assessment and the Symantec Security Management Model.

IT Security used to be much simpler

• A single team addressed the problems

• Incident management was centered around the security team

• Security devices were owned and operated by the security team

• Software was just anti-virus

Security Management and Measurement Programs 2

Page 3: Symantec Security Program Assessment and the Symantec Security Management Model.

IT Security Now

• Less Redundancy: As organizations run faster and leaner, security budgets are under pressure.

• Outsourcing: 81% of firms outsource up to 50% of their IT functions

• Distributed Control: Security requires software and hardware all throughout the IT environment.

Culpepper Compensation Survey, 2007

Page 4: Symantec Security Program Assessment and the Symantec Security Management Model.

Three questions you need to answer.

• What is your guide to a complete program to address all your firm’s needs?

• How do you ensure that your business partners and outsourcers don’t leave you exposed?

• What helps you determine the correct amount of effort to spend on the different areas of security at your firm?

Page 5: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Security Management Model

What is the model?

The Symantec Security Management Model was developed as a graphical tool to facilitate wide-ranging discussions about our customers’ information security programs.

The Model examines security from three perspectives…

• People “Strategic”

• Process “Operational”

• Technology “Tactical”

…across seven core areas:

• Security Strategy

• Security Organization

• Secure Operations

• Business Continuity

• Network & System Security

• Application Security

• Data Security

Page 6: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Security Management Model

What does the model look like?

Page 7: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Security Management Model

How do our clients use the model?

• To ensure that all security responsibilities are clearly understood throughout the enterprise

• To determine the maturity of their security programs

• To identify areas of strength and opportunities for improvement

• To address areas of excess security expenditure

Customer driven: We developed this service to meet our clients’ need for a systematic, scalable and repeatable process to assess the maturity of their IT Security activities which could be easily communicated to executive management

Page 8: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What is the Security Program Assessment?

Consultative engagement intended to:

• Evaluate the maturity of a security program against the framework

• Identify the desired state of security capabilities

• Prioritize roadmap for achieving information security goals

Utilizing a well-defined methodology that engages:

• Senior Management

• Business Stakeholders

• Technical Owners

Conducted in a series of:

• Interviews

• Risk Workshops

• Documentation Review

Typical engagement:

• 3 weeks offsite planning

• 3-4 weeks onsite delivery

Page 9: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What is the Security Program Assessment?

Page 10: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What are the results of the Security Program Assessment?

Detailed Analysis

• Covering all 42 elements of the framework

• Defined Capability Maturity Model

• Five Levels of evaluation

• Focused on each element

• Detailed subcategories

• Heat Map of the Core Areas

• Current State

• Desired State

Executive Summary

• Capability Maturity Model Rating

• Prioritized Action Plan

Page 13: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What are the results of the Security Program Assessment?

[Figure: two heat maps, “Objectives for Year One” and “Objectives for Year Two”, each rating the seven core areas (Security Strategy, Security Organization, Secure Operations, Data Security, Business Continuity, Network & System Security, Application Security) from Level 1 to Level 5, with Current State and Desired State marked]

Page 14: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

Who’s using the Security Program Assessment?

Industry Services Results

Financial Services

• Conducted Maturity Assessments of Information Security Program in order to measure improvements in capability over the past eighteen months

Insurance

• Utilized the Symantec Security Management Model to compare and contrast anticipated program improvements to be gained from key security initiatives

Retail

• Conducted Maturity Assessments of core and subsidiary business units to align program objectives

• Modeled future program initiatives using the model

Government

• Used the model as a framework to establish IT Security Program and to communicate and collaborate on security initiatives across multiple, autonomous divisions

Page 15: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What are people saying about the Security Program Assessment?

[The service] which highlights numerous security postures and attributes a risk level to each one, gives us a snapshot of where we are. It really provides a comprehensive picture of each of the different pieces to the larger security landscape. Not only do I find it useful, but I've shown it to the audit committee and to other executives to explain our current security state and our direction over the next year.

Dave Cullinane

CISO, eBay Marketplaces

CIO Digest Magazine, October 2007

Page 16: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Services Portfolio

Symantec Global Services offers deep technical knowledge and expert resources to protect and manage your information-driven world

• Consulting

– Advisory Services

– Product Enablement Services

– Residency Services

• Hosted Services

– DeepSight Early Warning Services

– Symantec Protection Network

– MessageLabs

• Enterprise Support

– Business Critical Services

– Essential Support

– Basic Maintenance

• Education

– Technical Training

– Custom Learning Services

• Managed Services

– Managed Security Services

– Managed Backup Services

[Diagram labels: Managed & Hosted Services, Enterprise Support, Professional Services]

Page 17: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Services Portfolio

Consulting Services

Data Centre Transformation

• Data Center Strategy and Planning

• Standardization services

• Green IT Assessment

• Future State Architecture

• IT Service Management

Security

• Strategic Services (e.g., Security Program Assessment)

• Secure Application Services

• Secure Infrastructure Services

• Operations Services (e.g., Security Policy / Program)

• Compliance Services

Advisory Services, Product Enablement, Residency Services

Representative Products

• SEP, Altiris

• EV, Control Compliance Suite, Vontu

• Veritas Storage Foundation

• NetBackup, PureDisk

Solution Domains

• Security

• Information Risk and Compliance

• Storage

• Infrastructure Operations

• Business Continuity

Services

• Executive / Strategic advisory

• Operations management

Services

• Assessment, Design, Transform & Operate

• Upgrades / Solution Reviews

• Integration Services

• Health-checks

Page 18: Symantec Security Program Assessment and the Symantec Security Management Model.

Symantec Services Portfolio

Managed Services

Symantec’s Global Intelligence Network

• Database of 25,000+ Vulnerabilities

• Attack Quarantine System (Honeypot)

• 40,000 registered sensors in 200+ countries

• 120 million threat/virus submission systems

• 2,000,000 decoy accounts in the Symantec Probe Network

• 200,000 Malicious Code Submissions per month

Deepsight Global Intelligence Services

• Threat Management System

• Alert Services

Recent Introductions

• Deepsight Datafeeds v3.0

Managed Security Services, Early Warning Services, Managed Backup Services

Core Services

• Security Monitoring

• Security Management

• Vulnerability Assessment Services

• Vulnerability Data Integration

Recent Introductions

• Managed Threat Analysis

• Gold Firewall Monitoring

• Bundled IDP Solution

• Bot-aware network detection

• Traffic Anomaly Detection

• Security Device Virtualisation

Future Planned Offerings

• Log Management Service (Nov 2008)

• Managed Endpoint (Jan 2009)

Service Features

• 24 x 7 x 365 proactive management of backup environment

• SLAs backed by penalties

• Local account management

• Daily status reports of SLAs

• Regular monthly service reviews

• Fixed monthly fee

Delivery Model

• “Best shoring” model, using local administrators and service delivery managers + remote 24x7 operations

• Standard transition plan and methodology

Page 19: Symantec Security Program Assessment and the Symantec Security Management Model.

Security Management and Measurement Programs

What are the Next Steps to move forward?

Account Team can provide additional information:

• Security Program Assessment Datasheet

• Sample Statement of Work

• Sample Final Deliverable

Share the webcast on Building Confidence in Enterprise Security

http://www.symantec.com/business/theme.jsp?themeid=building_confidence

Schedule a discussion with an Enterprise Security Practice expert to:

• Provide a detailed overview of the Security Program Assessment

• Begin scoping a Security Program Assessment or to determine how to put the Symantec Security Management Model to work for you

Page 20: Symantec Security Program Assessment and the Symantec Security Management Model.

QUESTIONS & ANSWERS

Page 21: Symantec Security Program Assessment and the Symantec Security Management Model.

Thank You!

Copyright © 2009 Symantec Corporation. All rights reserved.  Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries.  Other names may be trademarks of their respective owners.

This document is provided for informational purposes only and is not intended as advertising.  All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law.  The information in this document is subject to change without notice.

