![Page 1: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/1.jpg)
![Page 2: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/2.jpg)
You’re the IT Heroes
John Craddock
![Page 3: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/3.jpg)
When All Fails
The Heroes
![Page 4: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/4.jpg)
Who Do We Blame?
Microsoft!
![Page 5: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/5.jpg)
We can build systems that are truly reliable
NO
But is that fair Today?
![Page 6: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/6.jpg)
What Does It Take?
• Governance
• Knowing what we have
• Well practised policies and procedures
  – Security, management and deployment
• Monitoring
• Closing the loop
• Budget
![Page 7: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/7.jpg)
Governance
CXOs
IT Architectural Board
Security Review Board
Defines how we operate
Ultimate decision on infrastructure changes
Rules for delegated administration
Teeth required! Interest required!
Business Requirements
![Page 8: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/8.jpg)
Knowing What you’ve Got
If you don’t know what you’ve got you can’t protect it
![Page 9: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/9.jpg)
If It All Fails
• Make sure you can recover it
  – You must have well documented and tested disaster recovery plans
• Test them regularly
• Make sure enough staff are trained
• Know when to invoke the plan
![Page 10: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/10.jpg)
Change Control
• Document all changes
• Automate as many processes as you can
• Test test test
• You need a test and reference environment
  – Reference should “mirror” production and be under change control
![Page 11: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/11.jpg)
Updates
Updates are essential
![Page 12: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/12.jpg)
Monitoring
Good monitoring and planned response
Stop an event turning into a Disaster
![Page 13: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/13.jpg)
Closing the Loop
![Page 14: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/14.jpg)
All Process Loops Must Close
• Security Policy
  – Statement of what you must do to secure the environment
• Security Risk Management Process
  – Identifies threats, risks and mitigations
• Document Processes and Procedures
  – What you say you do and how you do it
• Operations
  – What you really do
![Page 15: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/15.jpg)
How do you get the budget?
![Page 16: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/16.jpg)
You Need to Sell the Process
• Talk to an asset owner:
  – “How much would it cost the company if the sales agents could not work for a day”
    • $200,000 per day
• How long would it take your team to clean malware off all the sales computers?
  – 3 days
  – Loss: 3 x $200,000 = $600,000
• How much would it cost to instigate a security process that mitigated the risk?
  – Estimated 6 weeks for team, cost $50,000
![Page 17: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/17.jpg)
What’s she after? Her smile’s too big

Good documentation

Money Please….

Currently we don’t have an effective security process. The chances of sales computers being compromised are high. While we recover the systems the company will lose $600,000

If we had a good security management process in place, the risks of being compromised are low. Initial project costs estimated at $50,000

$600,000 vs $50,000 and of course it could happen more than once!

Oh, and if we lost the confidentiality of customer’s personal identity information, YOU could end up in PRISON!
![Page 18: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/18.jpg)
Some Great Tools
Incident Management
Operations Management
Configuration Management
Change Management
Joining up the story
Orchestration
Automation
Workflow
![Page 19: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/19.jpg)
How Cool Is That?
![Page 20: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/20.jpg)
Don’t be the fire-fighting Hero
![Page 21: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/21.jpg)
Form the perfect orchestra
Be a Super Hero
![Page 22: You’re the IT Heroes](https://reader036.vdocuments.net/reader036/viewer/2022062410/568161b8550346895dd1853f/html5/thumbnails/22.jpg)