Squashing Politics with Policy

©2012 Check Point Software Technologies Ltd.

Post on 27-Dec-2015



Agenda

1 Challenges

2 Foundation for acceptable security

3 Why it helps

4 Questions / Discussion


Why do we need security controls?

Protect company and client sensitive information

Protect company image

Save the company money

Protect critical applications that make your company money

Protect critical applications that provide services to the public


Challenges with implementing security

Users don’t like change

Users don’t like the idea of freedoms being taken away

Users can feel accused if they are told they are doing something insecure

Security controls can break applications or functions in your IT infrastructure

Security requirements can slow down projects


Foundation for acceptable security

Develop your Security Policy

Develop Standard Operating Procedures

Develop Implementation and Test Plans

Develop an Approval Process for Policy Exceptions

Develop Procedure for Post Mortem and Root Cause Analysis


Develop your security policy

SHOULD BE THE FOUNDATION OF SECURITY IN YOUR ORGANIZATION

Get this vetted by appropriate parties to be distributed and signed by everyone in your organization

– HR (Especially for web content filtering!!)
– Management
– CIO, CISO, CTO, Director, etc.

Policy violations must have consequences


From Scratch?!?!...I don’t have time!

Plenty of free resources: sans.org/security-resources/


Develop an approval process for policy exceptions

When exceptions must be made to the policy
– Communicate the risk
– Keep a record of someone ELSE accepting the risk.
  – Someone in your direct chain of reports or someone designated to accept risk (like a compliance dept.)
– Document the exception


Develop Standard Operating Procedures

Things that you do on a daily basis for Due Diligence

These practices are usually more specific to your group within the company

SOPs will change as the security threat landscape evolves

Get this vetted and signed by your manager


Develop implementation and test plans

A thorough test plan will increase the probability of a successful deployment, thus increasing user acceptance

Require testing of critical business applications or functions
– By business units responsible for such applications

Always include a rollback plan and time to execute the rollback plan


Develop Procedure for Post Mortem and Root Cause Analysis

Doing this will:
– Keep relevant facts of significant outages (Audit, Manager’s report, etc.)
– Avoid misdiagnosis and discourage those from doing it in the future


Why it helps

Increase user acceptance of security

Increase confidence in security controls

Increase user security awareness

Minimize impact of implementing controls

Will breed a professional and happy work environment with more unity among teams


Questions?
