Squashing Politics with Policy
©2012 Check Point Software Technologies Ltd.
Post on 27-Dec-2015
Agenda
1 Challenges
2 Foundation for acceptable security
3 Why it helps
4 Questions / Discussion
Why do we need security controls?
Protect company and client sensitive information
Protect company image
Save the company money
Protect critical applications that make your company money
Protect critical applications that provide services to the public
Challenges with implementing security
Users don’t like change
Users don’t like the idea of freedoms being taken away
Users can feel accused if they are told they are doing something insecure
Security controls can break applications or functions in your IT infrastructure
Security requirements can slow down projects
Foundation for acceptable security
Develop your Security Policy
Develop Standard Operating Procedures
Develop Implementation and Test Plans
Develop an Approval Process for Policy Exceptions
Develop Procedure for Post Mortem and Root Cause Analysis
Foundation for acceptable security
Develop your security policy
SHOULD BE THE FOUNDATION OF SECURITY IN YOUR ORGANIZATION
Get this vetted by appropriate parties to be distributed and signed by everyone in your organization
– HR (Especially for web content filtering!!)
– Management
– CIO, CISO, CTO, Director, etc.
Policy violations must have consequences
From Scratch?!?!...I don’t have time!
Plenty of free resources: sans.org/security-resources/
Foundation for acceptable security
Develop an approval process for policy exceptions
When exceptions must be made to the policy
– Communicate the risk
– Keep a record of someone ELSE accepting the risk.
  – Someone in your direct chain of reports or someone designated to accept risk (like a compliance dept.)
– Document the exception
Foundation for acceptable security
Develop Standard Operating Procedures
Things that you do on a daily basis for Due Diligence
These practices are usually more specific to your group within the company
SOPs will change as the security threat landscape evolves
Get this vetted and signed by your manager
Foundation for acceptable security
Develop implementation and test plans
A thorough test plan will increase the probability of a successful deployment, thus increasing user acceptance
Require testing of critical business applications or functions
– By business units responsible for such applications
Always include a rollback plan and time to execute the rollback plan
Foundation for acceptable security
Develop Procedure for Post Mortem and Root Cause Analysis
Doing this will:
– Keep relevant facts of significant outages (Audit, Manager’s report, etc.)
– Avoid misdiagnosis and discourage those from doing it in the future
Why it helps
Increase user acceptance of security
Increase confidence in security controls
Increase user security awareness
Minimize impact of implementing controls
Will breed a professional and happy work environment with more unity among teams
Questions?